| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/PSW.zbot.5224 in C:\Users\NAME\AppData\Roaming\Okoku\moik.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.10.2012, 10:37
| #1 |
 |  TR/PSW.zbot.5224 in C:\Users\NAME\AppData\Roaming\Okoku\moik.exe Hallo Dadurch, dass unser Postbankkonto gesperrt wurde, habe ich gemerkt, dass auf diesem Rechner ein Trojaner zu sein scheint. (Außerdem ließ sich Firefox einige Male nicht starten, jetzt gerade allerdings schon. Von daher weiß ich nicht, ob dies etwas damit zu tun hat.) Im Taskmanager war auch eine moik.exe, die ich nicht zuordnen konnte. Die habe ich einfach rausgenommen, und nach einem Neustart war sie auch nicht mehr da. Antivir und Spyware Terminator hatten auch keine Meldung gemacht. Nach dem Entfernen habe ich auch noch mal Malwarebyte Antimalware und Trojan Hunter laufen lassen, die auch nichts gefunden haben. Heute jedoch hat Antivir gemeldet, dass in der moik.exe ein Trojaner ist. (Bei den Prozessen finde ich die Datei momentan übrigens nicht. Dabei habe ich Antivir nicht gesagt, dass er etwas machen soll.) Bevor ich den Rechner jetzt platt mach (würde dafür beim Hochfahren "F11 = recovery" ausreichen?) , wollte ich hier fragen, ob man das Problem auch anders lösen kann, dazu hier die Logs. Vielen Dank schon mal fürs Lesen! Schritt 1: defogger Hier gab es weder eine Fehlermeldung noch die Aufforderung zum Neustart. Schritt 2: OTL OTL logfile created on: 27.10.2012 10:46:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 67,81% Memory free 7,79 Gb Paging File | 6,34 Gb Available in Paging File | 81,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 246,99 Gb Total Space | 200,33 Gb Free Space | 81,11% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 29,20 Gb Free Space | 58,40% Space Free | Partition Type: NTFS Drive I: | 7,45 Gb Total Space | 6,91 Gb Free Space | 92,80% Space Free | Partition Type: FAT32 Computer Name: Name | User Name: Name2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.27 10:41:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe PRC - [2012.09.07 01:57:32 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2012.09.07 01:57:22 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.07 02:34:00 | 000,823,808 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.21 00:08:14 | 003,454,464 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe PRC - [2011.12.20 04:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.12.20 04:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.12.16 13:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.12.16 13:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.12.16 13:37:10 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.10.04 19:28:28 | 001,088,280 | ---- | M] (Mischel Internet Security) -- C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe PRC - [2010.01.13 02:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe PRC - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.12.09 01:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.06.22 00:09:56 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.01.13 00:24:26 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.20 04:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.12.20 04:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.12.20 04:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.12.16 13:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.12.16 13:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.12.16 13:37:10 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.10.13 23:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.26 08:20:39 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 04:20:58 | 000,423,696 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.01.06 05:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.01.05 04:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.05 04:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.05 04:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.14 23:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2011.12.13 20:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.12.13 20:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.12.02 08:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.14 05:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.09.11 23:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {7ADD377A-36A8-40AE-B341-1AC02FEFFD6E} IE - HKCU\..\SearchScopes\{7ADD377A-36A8-40AE-B341-1AC02FEFFD6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393 IE - HKCU\..\SearchScopes\{ACD4370C-8943-43CC-B6EB-6D0472D86EB9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=0C776766-6D22-4750-ACED-AB027BC66C4D&apn_sauid=233D2DE7-BF0F-4FBF-8402-76B6677DADAC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 14:09:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.25 14:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name2\AppData\Roaming\mozilla\Extensions [2012.10.25 14:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name2\AppData\Roaming\mozilla\Firefox\Profiles\lfh47v5b.default\extensions [2012.10.25 14:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07DAEF60-64E6-4D7D-932F-FCCF800C050C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\cdo - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk I:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.26 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Roaming\TrojanHunter [2012.10.26 17:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter [2012.10.26 17:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter [2012.10.26 17:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5 [2012.10.26 16:50:06 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Roaming\Malwarebytes [2012.10.26 16:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.26 16:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.26 16:49:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.26 16:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.25 18:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Schwedisch AKTIV [2012.10.25 14:12:26 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Local\Macromedia [2012.10.25 14:11:12 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Roaming\Opera [2012.10.25 14:11:12 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Local\Opera [2012.10.25 14:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.10.25 14:10:03 | 000,000,000 | ---D | C] -- C:\Users\Name2\AppData\Local\Mozilla ========== Files - Modified Within 30 Days ========== [2012.10.27 10:45:50 | 000,000,000 | ---- | M] () -- C:\Users\Name2\defogger_reenable [2012.10.27 10:34:29 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.27 10:34:29 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.27 10:34:29 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.27 10:34:29 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.27 10:34:29 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.27 10:05:50 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 10:05:50 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 09:57:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.27 09:57:49 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2012.10.27 09:57:40 | 3138,232,320 | -HS- | M] () -- C:\hiberfil.sys [2012.10.26 18:56:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.26 17:43:52 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll [2012.10.26 17:43:52 | 000,001,009 | ---- | M] () -- C:\Users\Name2\Desktop\TrojanHunter.lnk [2012.10.26 14:20:18 | 000,165,359 | ---- | M] () -- C:\den winter erleben26.pdf [2012.10.26 14:19:53 | 000,220,200 | ---- | M] () -- C:\den winter erleben25.pdf [2012.10.26 14:19:43 | 000,169,192 | ---- | M] () -- C:\den winter erleben24.pdf [2012.10.26 14:19:27 | 000,165,364 | ---- | M] () -- C:\den winter erleben23.pdf [2012.10.26 14:19:17 | 000,178,185 | ---- | M] () -- C:\den winter erleben22.pdf [2012.10.26 14:19:01 | 000,171,233 | ---- | M] () -- C:\den winter erleben21.pdf [2012.10.26 14:18:51 | 000,182,049 | ---- | M] () -- C:\den winter erleben20.pdf [2012.10.26 14:18:26 | 000,181,631 | ---- | M] () -- C:\den winter erleben19.pdf [2012.10.26 14:18:15 | 000,251,842 | ---- | M] () -- C:\den winter erleben18.pdf [2012.10.26 14:17:57 | 000,184,909 | ---- | M] () -- C:\den winter erleben17.pdf [2012.10.26 14:17:46 | 000,213,451 | ---- | M] () -- C:\den winter erleben16.pdf [2012.10.26 14:17:29 | 000,201,799 | ---- | M] () -- C:\den winter erleben15.pdf [2012.10.26 14:17:18 | 000,160,092 | ---- | M] () -- C:\den winter erleben14.pdf [2012.10.26 14:16:54 | 000,129,291 | ---- | M] () -- C:\den winter erleben13.pdf [2012.10.26 14:16:44 | 000,193,678 | ---- | M] () -- C:\den winter erleben12.pdf [2012.10.26 14:16:28 | 000,146,648 | ---- | M] () -- C:\den winter erleben11.pdf [2012.10.26 14:16:17 | 000,153,736 | ---- | M] () -- C:\den winter erleben10.pdf [2012.10.26 14:16:04 | 000,154,187 | ---- | M] () -- C:\den winter erleben09.pdf [2012.10.26 14:15:51 | 000,196,568 | ---- | M] () -- C:\den winter erleben08.pdf [2012.10.26 14:15:32 | 000,158,306 | ---- | M] () -- C:\den winter erleben07.pdf [2012.10.26 14:15:21 | 000,167,549 | ---- | M] () -- C:\den winter erleben06.pdf [2012.10.26 14:15:06 | 000,106,388 | ---- | M] () -- C:\den winter erleben05.pdf [2012.10.26 14:14:54 | 000,107,034 | ---- | M] () -- C:\den winter erleben04.pdf [2012.10.26 14:13:27 | 000,139,921 | ---- | M] () -- C:\den winter erleben03.pdf [2012.10.26 14:13:10 | 000,101,534 | ---- | M] () -- C:\den winter erleben02.pdf [2012.10.26 14:12:58 | 000,237,927 | ---- | M] () -- C:\den winter erleben01.pdf [2012.10.26 14:01:03 | 000,265,516 | ---- | M] () -- C:\was krippenkinder brauchen51.pdf [2012.10.26 14:00:49 | 000,241,393 | ---- | M] () -- C:\was krippenkinder brauchen50.pdf [2012.10.26 14:00:30 | 000,138,136 | ---- | M] () -- C:\was krippenkinder brauchen49.pdf [2012.10.26 13:59:59 | 000,258,945 | ---- | M] () -- C:\was krippenkinder brauchen48.pdf [2012.10.26 13:59:46 | 000,263,569 | ---- | M] () -- C:\was krippenkinder brauchen47.pdf [2012.10.26 13:59:31 | 000,192,941 | ---- | M] () -- C:\was krippenkinder brauchen46.pdf [2012.10.26 13:59:19 | 000,239,368 | ---- | M] () -- C:\was krippenkinder brauchen45.pdf [2012.10.26 13:59:02 | 000,283,933 | ---- | M] () -- C:\was krippenkinder brauchen44.pdf [2012.10.26 13:58:51 | 000,220,905 | ---- | M] () -- C:\was krippenkinder brauchen43.pdf [2012.10.26 13:58:34 | 000,248,968 | ---- | M] () -- C:\was krippenkinder brauchen42.pdf [2012.10.26 13:58:22 | 000,272,152 | ---- | M] () -- C:\was krippenkinder brauchen41.pdf [2012.10.26 13:58:06 | 000,305,467 | ---- | M] () -- C:\was krippenkinder brauchen40.pdf [2012.10.26 13:57:53 | 000,346,852 | ---- | M] () -- C:\was krippenkinder brauchen39.pdf [2012.10.26 13:57:37 | 000,351,982 | ---- | M] () -- C:\was krippenkinder brauchen38.pdf [2012.10.26 13:57:24 | 000,345,506 | ---- | M] () -- C:\was krippenkinder brauchen37.pdf [2012.10.26 13:57:09 | 000,251,281 | ---- | M] () -- C:\was krippenkinder brauchen36.pdf [2012.10.26 13:56:57 | 000,332,828 | ---- | M] () -- C:\was krippenkinder brauchen35.pdf [2012.10.26 13:56:41 | 000,268,866 | ---- | M] () -- C:\was krippenkinder brauchen34.pdf [2012.10.26 13:56:29 | 000,286,173 | ---- | M] () -- C:\was krippenkinder brauchen33.pdf [2012.10.26 13:56:14 | 000,328,718 | ---- | M] () -- C:\was krippenkinder brauchen32.pdf [2012.10.26 13:56:01 | 000,187,771 | ---- | M] () -- C:\was krippenkinder brauchen31.pdf [2012.10.26 13:55:43 | 000,260,173 | ---- | M] () -- C:\was krippenkinder brauchen30.pdf [2012.10.26 13:55:31 | 000,291,260 | ---- | M] () -- C:\was krippenkinder brauchen29.pdf [2012.10.26 13:55:15 | 000,281,435 | ---- | M] () -- C:\was krippenkinder brauchen28.pdf [2012.10.26 13:55:02 | 000,313,932 | ---- | M] () -- C:\was krippenkinder brauchen27.pdf [2012.10.26 13:54:47 | 000,319,743 | ---- | M] () -- C:\was krippenkinder brauchen26.pdf [2012.10.26 13:54:35 | 000,221,722 | ---- | M] () -- C:\was krippenkinder brauchen25.pdf [2012.10.26 13:54:20 | 000,306,311 | ---- | M] () -- C:\was krippenkinder brauchen24.pdf [2012.10.26 13:54:06 | 000,304,106 | ---- | M] () -- C:\was krippenkinder brauchen23.pdf [2012.10.26 13:53:51 | 000,188,658 | ---- | M] () -- C:\was krippenkinder brauchen22.pdf [2012.10.26 13:53:38 | 000,243,182 | ---- | M] () -- C:\was krippenkinder brauchen21.pdf [2012.10.26 13:53:22 | 000,298,398 | ---- | M] () -- C:\was krippenkinder brauchen20.pdf [2012.10.26 13:53:10 | 000,227,544 | ---- | M] () -- C:\was krippenkinder brauchen19.pdf [2012.10.26 13:52:55 | 000,216,431 | ---- | M] () -- C:\was krippenkinder brauchen18.pdf [2012.10.26 13:52:42 | 000,244,455 | ---- | M] () -- C:\was krippenkinder brauchen17.pdf [2012.10.26 13:52:26 | 000,331,825 | ---- | M] () -- C:\was krippenkinder brauchen16.pdf [2012.10.26 13:52:14 | 000,231,879 | ---- | M] () -- C:\was krippenkinder brauchen15.pdf [2012.10.26 13:51:59 | 000,285,383 | ---- | M] () -- C:\was krippenkinder brauchen14.pdf [2012.10.26 13:51:46 | 000,227,729 | ---- | M] () -- C:\was krippenkinder brauchen13.pdf [2012.10.26 13:51:30 | 000,268,654 | ---- | M] () -- C:\was krippenkinder brauchen12.pdf [2012.10.26 13:51:18 | 000,282,450 | ---- | M] () -- C:\was krippenkinder brauchen11.pdf [2012.10.26 13:51:01 | 000,174,725 | ---- | M] () -- C:\was krippenkinder brauchen10.pdf [2012.10.26 13:50:49 | 000,267,547 | ---- | M] () -- C:\was krippenkinder brauchen09.pdf [2012.10.26 13:50:33 | 000,280,197 | ---- | M] () -- C:\was krippenkinder brauchen08.pdf [2012.10.26 13:50:21 | 000,237,810 | ---- | M] () -- C:\was krippenkinder brauchen07.pdf [2012.10.26 13:50:05 | 000,228,178 | ---- | M] () -- C:\was krippenkinder brauchen06.pdf [2012.10.26 13:49:53 | 000,370,413 | ---- | M] () -- C:\was krippenkinder brauchen05.pdf [2012.10.26 13:49:36 | 000,263,483 | ---- | M] () -- C:\was krippenkinder brauchen04.pdf [2012.10.26 13:49:24 | 000,249,480 | ---- | M] () -- C:\was krippenkinder brauchen03.pdf [2012.10.26 13:49:07 | 000,353,912 | ---- | M] () -- C:\was krippenkinder brauchen02.pdf [2012.10.26 13:48:50 | 000,296,196 | ---- | M] () -- C:\was krippenkinder brauchen01.pdf [2012.10.25 14:11:03 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.10.25 14:09:55 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.27 10:45:50 | 000,000,000 | ---- | C] () -- C:\Users\Name2\defogger_reenable [2012.10.26 17:43:52 | 000,001,009 | ---- | C] () -- C:\Users\Name2\Desktop\TrojanHunter.lnk [2012.10.26 17:43:40 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll [2012.10.26 14:20:18 | 000,165,359 | ---- | C] () -- C:\den winter erleben26.pdf [2012.10.26 14:19:53 | 000,220,200 | ---- | C] () -- C:\den winter erleben25.pdf [2012.10.26 14:19:43 | 000,169,192 | ---- | C] () -- C:\den winter erleben24.pdf [2012.10.26 14:19:27 | 000,165,364 | ---- | C] () -- C:\den winter erleben23.pdf [2012.10.26 14:19:16 | 000,178,185 | ---- | C] () -- C:\den winter erleben22.pdf [2012.10.26 14:19:01 | 000,171,233 | ---- | C] () -- C:\den winter erleben21.pdf [2012.10.26 14:18:50 | 000,182,049 | ---- | C] () -- C:\den winter erleben20.pdf [2012.10.26 14:18:26 | 000,181,631 | ---- | C] () -- C:\den winter erleben19.pdf [2012.10.26 14:18:15 | 000,251,842 | ---- | C] () -- C:\den winter erleben18.pdf [2012.10.26 14:17:57 | 000,184,909 | ---- | C] () -- C:\den winter erleben17.pdf [2012.10.26 14:17:46 | 000,213,451 | ---- | C] () -- C:\den winter erleben16.pdf [2012.10.26 14:17:28 | 000,201,799 | ---- | C] () -- C:\den winter erleben15.pdf [2012.10.26 14:17:18 | 000,160,092 | ---- | C] () -- C:\den winter erleben14.pdf [2012.10.26 14:16:54 | 000,129,291 | ---- | C] () -- C:\den winter erleben13.pdf [2012.10.26 14:16:44 | 000,193,678 | ---- | C] () -- C:\den winter erleben12.pdf [2012.10.26 14:16:28 | 000,146,648 | ---- | C] () -- C:\den winter erleben11.pdf [2012.10.26 14:16:17 | 000,153,736 | ---- | C] () -- C:\den winter erleben10.pdf [2012.10.26 14:16:04 | 000,154,187 | ---- | C] () -- C:\den winter erleben09.pdf [2012.10.26 14:15:51 | 000,196,568 | ---- | C] () -- C:\den winter erleben08.pdf [2012.10.26 14:15:32 | 000,158,306 | ---- | C] () -- C:\den winter erleben07.pdf [2012.10.26 14:15:21 | 000,167,549 | ---- | C] () -- C:\den winter erleben06.pdf [2012.10.26 14:15:06 | 000,106,388 | ---- | C] () -- C:\den winter erleben05.pdf [2012.10.26 14:14:54 | 000,107,034 | ---- | C] () -- C:\den winter erleben04.pdf [2012.10.26 14:13:27 | 000,139,921 | ---- | C] () -- C:\den winter erleben03.pdf [2012.10.26 14:13:10 | 000,101,534 | ---- | C] () -- C:\den winter erleben02.pdf [2012.10.26 14:12:58 | 000,237,927 | ---- | C] () -- C:\den winter erleben01.pdf [2012.10.26 14:01:03 | 000,265,516 | ---- | C] () -- C:\was krippenkinder brauchen51.pdf [2012.10.26 14:00:49 | 000,241,393 | ---- | C] () -- C:\was krippenkinder brauchen50.pdf [2012.10.26 14:00:30 | 000,138,136 | ---- | C] () -- C:\was krippenkinder brauchen49.pdf [2012.10.26 13:59:58 | 000,258,945 | ---- | C] () -- C:\was krippenkinder brauchen48.pdf [2012.10.26 13:59:46 | 000,263,569 | ---- | C] () -- C:\was krippenkinder brauchen47.pdf [2012.10.26 13:59:30 | 000,192,941 | ---- | C] () -- C:\was krippenkinder brauchen46.pdf [2012.10.26 13:59:19 | 000,239,368 | ---- | C] () -- C:\was krippenkinder brauchen45.pdf [2012.10.26 13:59:02 | 000,283,933 | ---- | C] () -- C:\was krippenkinder brauchen44.pdf [2012.10.26 13:58:50 | 000,220,905 | ---- | C] () -- C:\was krippenkinder brauchen43.pdf [2012.10.26 13:58:33 | 000,248,968 | ---- | C] () -- C:\was krippenkinder brauchen42.pdf [2012.10.26 13:58:22 | 000,272,152 | ---- | C] () -- C:\was krippenkinder brauchen41.pdf [2012.10.26 13:58:06 | 000,305,467 | ---- | C] () -- C:\was krippenkinder brauchen40.pdf [2012.10.26 13:57:53 | 000,346,852 | ---- | C] () -- C:\was krippenkinder brauchen39.pdf [2012.10.26 13:57:37 | 000,351,982 | ---- | C] () -- C:\was krippenkinder brauchen38.pdf [2012.10.26 13:57:24 | 000,345,506 | ---- | C] () -- C:\was krippenkinder brauchen37.pdf [2012.10.26 13:57:09 | 000,251,281 | ---- | C] () -- C:\was krippenkinder brauchen36.pdf [2012.10.26 13:56:56 | 000,332,828 | ---- | C] () -- C:\was krippenkinder brauchen35.pdf [2012.10.26 13:56:41 | 000,268,866 | ---- | C] () -- C:\was krippenkinder brauchen34.pdf [2012.10.26 13:56:29 | 000,286,173 | ---- | C] () -- C:\was krippenkinder brauchen33.pdf [2012.10.26 13:56:13 | 000,328,718 | ---- | C] () -- C:\was krippenkinder brauchen32.pdf [2012.10.26 13:56:01 | 000,187,771 | ---- | C] () -- C:\was krippenkinder brauchen31.pdf [2012.10.26 13:55:43 | 000,260,173 | ---- | C] () -- C:\was krippenkinder brauchen30.pdf [2012.10.26 13:55:31 | 000,291,260 | ---- | C] () -- C:\was krippenkinder brauchen29.pdf [2012.10.26 13:55:15 | 000,281,435 | ---- | C] () -- C:\was krippenkinder brauchen28.pdf [2012.10.26 13:55:02 | 000,313,932 | ---- | C] () -- C:\was krippenkinder brauchen27.pdf [2012.10.26 13:54:46 | 000,319,743 | ---- | C] () -- C:\was krippenkinder brauchen26.pdf [2012.10.26 13:54:34 | 000,221,722 | ---- | C] () -- C:\was krippenkinder brauchen25.pdf [2012.10.26 13:54:19 | 000,306,311 | ---- | C] () -- C:\was krippenkinder brauchen24.pdf [2012.10.26 13:54:06 | 000,304,106 | ---- | C] () -- C:\was krippenkinder brauchen23.pdf [2012.10.26 13:53:51 | 000,188,658 | ---- | C] () -- C:\was krippenkinder brauchen22.pdf [2012.10.26 13:53:38 | 000,243,182 | ---- | C] () -- C:\was krippenkinder brauchen21.pdf [2012.10.26 13:53:22 | 000,298,398 | ---- | C] () -- C:\was krippenkinder brauchen20.pdf [2012.10.26 13:53:10 | 000,227,544 | ---- | C] () -- C:\was krippenkinder brauchen19.pdf [2012.10.26 13:52:55 | 000,216,431 | ---- | C] () -- C:\was krippenkinder brauchen18.pdf [2012.10.26 13:52:42 | 000,244,455 | ---- | C] () -- C:\was krippenkinder brauchen17.pdf [2012.10.26 13:52:26 | 000,331,825 | ---- | C] () -- C:\was krippenkinder brauchen16.pdf [2012.10.26 13:52:14 | 000,231,879 | ---- | C] () -- C:\was krippenkinder brauchen15.pdf [2012.10.26 13:51:58 | 000,285,383 | ---- | C] () -- C:\was krippenkinder brauchen14.pdf [2012.10.26 13:51:46 | 000,227,729 | ---- | C] () -- C:\was krippenkinder brauchen13.pdf [2012.10.26 13:51:30 | 000,268,654 | ---- | C] () -- C:\was krippenkinder brauchen12.pdf [2012.10.26 13:51:18 | 000,282,450 | ---- | C] () -- C:\was krippenkinder brauchen11.pdf [2012.10.26 13:51:01 | 000,174,725 | ---- | C] () -- C:\was krippenkinder brauchen10.pdf [2012.10.26 13:50:49 | 000,267,547 | ---- | C] () -- C:\was krippenkinder brauchen09.pdf [2012.10.26 13:50:33 | 000,280,197 | ---- | C] () -- C:\was krippenkinder brauchen08.pdf [2012.10.26 13:50:21 | 000,237,810 | ---- | C] () -- C:\was krippenkinder brauchen07.pdf [2012.10.26 13:50:05 | 000,228,178 | ---- | C] () -- C:\was krippenkinder brauchen06.pdf [2012.10.26 13:49:53 | 000,370,413 | ---- | C] () -- C:\was krippenkinder brauchen05.pdf [2012.10.26 13:49:36 | 000,263,483 | ---- | C] () -- C:\was krippenkinder brauchen04.pdf [2012.10.26 13:49:23 | 000,249,480 | ---- | C] () -- C:\was krippenkinder brauchen03.pdf [2012.10.26 13:49:07 | 000,353,912 | ---- | C] () -- C:\was krippenkinder brauchen02.pdf [2012.10.26 13:48:50 | 000,296,196 | ---- | C] () -- C:\was krippenkinder brauchen01.pdf [2012.10.25 14:11:03 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.10.25 14:11:03 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.10.25 14:09:55 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.25 14:09:55 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.02 15:39:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.30 14:36:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.03.21 12:06:24 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.21 12:06:23 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.21 12:06:20 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.21 12:06:19 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.21 12:06:17 | 013,184,512 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.09 01:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.25 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Name2\AppData\Roaming\IrfanView [2012.10.25 14:11:12 | 000,000,000 | ---D | M] -- C:\Users\Name2\AppData\Roaming\Opera [2012.08.26 08:20:35 | 000,000,000 | ---D | M] -- C:\Users\Name2\AppData\Roaming\Spyware Terminator [2012.10.26 19:21:57 | 000,000,000 | ---D | M] -- C:\Users\Name2\AppData\Roaming\TrojanHunter ========== Purity Check ========== < End of report > OTL Extras logfile created on: 27.10.2012 10:46:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 67,81% Memory free 7,79 Gb Paging File | 6,34 Gb Available in Paging File | 81,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 246,99 Gb Total Space | 200,33 Gb Free Space | 81,11% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 29,20 Gb Free Space | 58,40% Space Free | Partition Type: NTFS Drive I: | 7,45 Gb Total Space | 6,91 Gb Free Space | 92,80% Space Free | Partition Type: FAT32 Computer Name: NAME | User Name: Name2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06EBFCF2-C87C-4104-A42B-26D9D2449085}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{367895C4-8CAD-433D-A88F-FB19E6FDACC6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D11B541-D8FA-41E0-BBC9-DC06AC7DC2B5}" = lport=138 | protocol=17 | dir=in | app=system | "{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4528B4B5-F55F-40C1-B165-093AE6A62833}" = rport=10243 | protocol=6 | dir=out | app=system | "{48BF9F3E-F1AC-4E57-99D7-6F4535755BC7}" = lport=10243 | protocol=6 | dir=in | app=system | "{4A95E50D-0D7E-4BAD-A0D1-66B32CED8568}" = lport=2869 | protocol=6 | dir=in | app=system | "{7FC2B7CB-5443-4DB4-B50B-BC9CCEF0BDF0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{80300360-D295-4364-9944-6C1CBAAF09C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83DA0062-CC3C-4C45-B5CA-0AC8C3EBD719}" = rport=139 | protocol=6 | dir=out | app=system | "{8FE1B007-192F-44AF-9EF0-AAFB6B5CC531}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A200B74E-320F-4094-BDF7-0BDD1C19525F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A840D01A-7767-44C6-96B8-29AF4C51A04C}" = rport=445 | protocol=6 | dir=out | app=system | "{AD7DB0E8-303F-45B1-BF37-B5AD42842344}" = rport=137 | protocol=17 | dir=out | app=system | "{B1A394FF-A73A-4A9B-95C7-39D0E9180F8F}" = lport=137 | protocol=17 | dir=in | app=system | "{B6FC68F8-7915-48B5-8EB6-52EF522BCFB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B92F1F74-44FA-420D-9FF6-CA824C3298FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DAFC39BC-3CFA-4117-A350-D8786C9DD64F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E6EFEA51-3527-4745-8BF5-1C3F35440578}" = rport=138 | protocol=17 | dir=out | app=system | "{F7425701-2C25-4987-ADE0-D1F4BCFBFDE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F8ABE81D-42CB-423C-9899-B17A32EB2E64}" = lport=139 | protocol=6 | dir=in | app=system | "{FFF68090-48AF-4020-AEC4-798BD1775F17}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FAA706-474D-4930-ABA9-CCC7B3394FB1}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{02CE21EB-756A-416B-8D7B-BDB41B9529A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0396FEE7-F9C2-4E25-A04D-4CC26B8043BA}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{1433BAA5-0EA2-4C20-AFAB-1E805C6A774D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1EAFFF3F-D458-405D-ADC3-B23CE60A619C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{23C445C1-4603-4711-80A7-89763F521554}" = protocol=6 | dir=out | app=system | "{297C17EA-D3CB-408A-8084-FF8EE5760061}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3D01D5EC-D336-49A1-A5C8-F2535B534AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{462EF08E-752A-49C5-9B7E-FD4DA95D5C8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{575D786C-9366-4CD3-9896-94C9A7CA70FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5912B998-B667-478F-9D9C-5A8597067D23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6EA0E243-D77E-40A3-9D59-78AE7D9CB304}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{821C8DBF-FF03-441A-8B34-69DA182231E2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{928D2D17-C325-4EC8-8CCD-FCEB7F2580B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{935DB972-B52B-43AA-A559-DDFA2463AF89}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B80AC4F7-D384-465D-908D-1202AF45578D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BF394D06-52CA-479B-9A5F-4457F8E53AEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D3727B2D-B99D-47C8-928A-8FDFD52223EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E50A71D7-81E9-4C7F-A7AF-8D7ED447BCC1}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{E7345842-FFEF-4274-971E-43FA4B191B05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9FBF103-4B2F-43E9-927A-7A956AAB6AE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EA233F75-0F02-4697-BCD8-F86A67C1B538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB328F87-6F17-4F01-A3A5-BA6DAB6F77A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0267ACB-4EAC-4499-AC9C-DDD0DA3E008B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F2BC53D2-A43B-43B4-AC27-5A8BE89710A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{56EDC06F-01B7-45EB-9896-0ECDC845B88F}C:\users\name\appdata\roaming\okoku\moik.exe" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\okoku\moik.exe | "TCP Query User{AFE86D8B-A2FC-4975-B099-6F622E8142AD}C:\users\name\appdata\roaming\okoku\moik.exe" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\okoku\moik.exe | "UDP Query User{B79C7D22-7D6A-47DF-8A5B-829294D02B14}C:\users\name\appdata\roaming\okoku\moik.exe" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\okoku\moik.exe | "UDP Query User{EF04C88D-1EB6-4564-A5B5-816406339B03}C:\users\name\appdata\roaming\okoku\moik.exe" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\okoku\moik.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "845E564BAE975482FB7B778B84AD2938C9534679" = Windows Driver Package - Intel (NETwNs64) net (11/29/2011 15.0.0.75) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "Opera 12.02.1578" = Opera 12.02 "PDF Blender" = PDF Blender "Schwedisch Aktiv" = Schwedisch AKTIV "TrojanHunter_is1" = TrojanHunter 5.5 "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.10.2012 08:03:15 | Computer Name = Name | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.1.4666, Zeitstempel: 0x5076192e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0028f328 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cdb2a8a9b07590 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f48e54cd-1e9b-11e2-87f4-685d431758da Error - 25.10.2012 08:08:57 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 25.10.2012 12:34:28 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 01:02:37 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 03:38:43 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 05:55:35 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 07:46:34 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 10:16:01 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 26.10.2012 10:40:03 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 27.10.2012 03:57:59 | Computer Name = Name | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) [ System Events ] Error - 25.09.2012 04:08:26 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 25.09.2012 04:08:26 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 25.09.2012 04:08:27 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 01.10.2012 10:36:21 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 01.10.2012 12:37:14 | Computer Name = Name | Source = bowser | ID = 8003 Description = Error - 07.10.2012 12:21:50 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 07.10.2012 12:21:50 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 07.10.2012 12:21:51 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 07.10.2012 12:21:51 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 07.10.2012 12:21:52 | Computer Name = Name | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > Schritt 3: Entfällt, da 64-Bit. |
| Themen zu TR/PSW.zbot.5224 in C:\Users\NAME\AppData\Roaming\Okoku\moik.exe |
| antivir, autorun, avira, bho, entfernen, error, excel, firefox, flash player, frage, helper, home, install.exe, logfile, plug-in, problem, realtek, registry, scan, schwedisch, security, software, spyware, starten, svchost.exe, taskmanager, tr/psw.zbot., trojaner, usb 2.0, usb 3.0, windows |
Baum-Darstellung