Pests of all kinds and how to combat them: Fb Downloader changes browser settings (Windows 7)
27.11.2012, 09:49 | #1
Hello Trojaner-Board team,
for about two weeks I have been having problems with fb downloader, which has apparently installed itself on my system on its own. When I open a new tab in Firefox, fb downloader is run as if it were the default search engine. I uninstalled the program and also deleted everything in the browser, but it simply will not go away. It has also saved itself as the default search engine in IE. At first I suspected that it was a Firefox problem, so I uninstalled Firefox and installed Chrome instead, but after the next system start Fb downloader had settled into Chrome as well. At every system start a pop-up window appears with the text:
We noticed that your homepage and/or search provider settings at your Chrome browser have been changed to google.com. If you cancel this operation, they will revert to the recommended settings ( using FBDownloader Search)
27.11.2012, 13:26 | #2
/// Helper Team
The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 2 logs that are created into your next reply. If the OTL fix did not run through correctly, do not continue; please report it instead.

Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.fbdownloader.com/?channel=sfat203fbdgy20
CHR - homepage: http://search.fbdownloader.com/?channel=sfat203fbdgy20
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Albert\AppData\Local\fbDownloader\Extensions\FBDownloader.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]

Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not apply it on other machines under any circumstances; it can cause lasting damage to other systems!

After that:
Step 2
Please download AdwCleaner to your desktop.
27.11.2012, 20:07 | #3
Hello t'john,
many thanks for the quick reply and help!
Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Albert\Desktop\cmd.bat deleted successfully.
C:\Users\Albert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Albert
->Temp folder emptied: 3366327437 bytes
->Temporary Internet Files folder emptied: 69738864 bytes
->Java cache emptied: 2525036 bytes
->Google Chrome cache emptied: 64137034 bytes
->Flash cache emptied: 622 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 424395173 bytes
RecycleBin emptied: 181479148 bytes

Total Files Cleaned = 3.918,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11272012_191321

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Kind regards, Albert
28.11.2012, 21:48 | #4
/// Helper Team
Is FBDownloader still visible?

System scan with OTL (illustrated guide)
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
- Double-click OTL.exe
28.11.2012, 23:47 | #5
Hello t'john,
fbdownloader is no longer visible, and the pop-up window at Windows start no longer appears either. The fbdownloader entries in Chrome and IE could also be deleted and have not reappeared.
OTL logfile:
Code:
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17b2351b-984f-11e0-bee3-001a6bbb1807}\Shell - "" = AutoRun O33 - MountPoints2\{17b2351b-984f-11e0-bee3-001a6bbb1807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell - "" = AutoRun O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell\AutoRun - "" = Autorun O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\Albert\Desktop\Trojaner-Board [2012.11.27 19:13:21 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.27 19:10:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe [2012.11.26 04:12:34 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Albert\Desktop\autoruns1134.exe [2012.11.26 03:28:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.26 03:28:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.26 03:28:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.26 03:28:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.26 03:28:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.26 03:28:03 | 
000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.26 03:28:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.26 03:28:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.26 03:28:02 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.26 03:28:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.26 03:28:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.26 03:28:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.26 03:28:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.26 03:28:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.26 03:28:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.26 03:27:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.26 03:27:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.26 03:27:59 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.26 03:27:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.26 03:27:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.26 03:27:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.26 03:27:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.26 03:27:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.26 03:27:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\wextract.exe [2012.11.26 03:27:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.26 03:27:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.26 03:27:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.26 03:27:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.26 03:27:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.26 03:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.26 03:27:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.26 03:27:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.26 03:27:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.26 03:27:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.26 03:27:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.26 03:27:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.26 03:27:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.26 02:16:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2012.11.26 02:16:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2012.11.26 02:16:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.26 02:16:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2012.11.26 02:16:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\TsUsbFlt.sys [2012.11.26 02:16:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2012.11.26 02:16:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2012.11.26 02:16:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2012.11.26 02:16:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2012.11.26 02:16:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2012.11.26 02:16:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2012.11.26 02:16:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2012.11.26 02:15:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2012.11.26 02:15:58 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2012.11.26 02:15:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2012.11.26 02:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec [2012.11.26 02:10:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.25 23:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.25 23:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.11.25 15:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.25 15:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.11.25 13:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.21 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.20 18:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.11.16 02:39:02 | 000,047,720 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.16 02:39:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.16 02:38:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.16 02:38:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.16 02:38:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.15 20:22:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.15 20:22:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.15 20:22:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.15 20:22:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.15 20:22:09 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.15 20:22:04 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.15 20:22:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.03 13:39:10 | 000,000,000 | R--D | C] -- C:\Users\Albert\Dropbox [2012.11.03 13:28:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.11.03 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Dropbox [2012.11.03 09:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org [2012.11.03 08:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.8.0.5 [2012.11.03 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\FlightGear [2012.11.03 01:12:55 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\AntiMalware_Software [2012.11.01 20:45:52 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.11.01 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2012.11.01 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Anti-Malware [2012.11.01 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Malwarebytes [2012.11.01 13:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.01 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.01 13:57:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.01 13:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.01 02:56:26 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\fltk.org [2012.11.01 02:01:39 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\flightgear.org [2012.11.01 02:01:36 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2012.11.01 02:01:36 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2012.11.01 02:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL ========== Files - Modified Within 30 Days ========== [2012.11.28 21:56:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 21:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.28 20:25:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 12:05:46 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 12:05:46 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 12:03:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.28 11:59:51 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 11:51:17 | 000,007,633 | ---- | M] () -- C:\Users\Albert\AppData\Local\resmon.resmoncfg [2012.11.27 19:44:14 | 000,480,125 | ---- | M] () -- C:\Users\Albert\Desktop\adwcleaner.exe [2012.11.27 19:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe [2012.11.26 05:44:31 | 000,302,592 | ---- | M] () -- C:\Users\Albert\Desktop\mb66nxs3.exe [2012.11.26 05:41:17 | 000,050,477 | ---- | M] () -- C:\Users\Albert\Desktop\Defogger.exe [2012.11.26 04:12:37 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Albert\Desktop\autoruns1134.exe [2012.11.26 03:28:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.26 03:28:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.26 03:28:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.26 03:28:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.26 03:28:03 | 000,130,560 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.26 03:28:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.26 03:28:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.26 03:28:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.26 03:28:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.26 03:28:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.26 03:28:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.26 03:28:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.26 03:28:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.26 03:28:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.26 03:28:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.26 03:28:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.26 03:27:59 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.26 03:27:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.26 03:27:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.26 03:27:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.26 03:27:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.26 03:27:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.26 03:27:59 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.26 03:27:59 | 000,031,744 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.26 03:27:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.26 03:27:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.26 03:27:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.26 03:27:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.26 03:27:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.26 03:27:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.26 03:27:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.26 03:27:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.26 03:27:54 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.26 03:27:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.26 03:27:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.26 03:27:54 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.26 03:27:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.26 03:27:54 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.26 00:49:09 | 000,033,518 | ---- | M] () -- C:\Users\Albert\Documents\NewDatabase.kdbx [2012.11.25 14:44:31 | 000,291,747 | ---- | M] () -- C:\Users\Albert\Desktop\bookmarks.html [2012.11.23 11:51:40 | 000,026,254 | ---- | M] () -- C:\Users\Albert\AppData\Local\recently-used.xbel [2012.11.20 18:56:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.20 18:56:41 | 000,073,656 
| ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.16 07:54:02 | 000,396,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 02:49:36 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 02:49:36 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 02:49:36 | 000,044,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 02:49:36 | 000,020,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 13:29:11 | 000,001,051 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.11.03 09:21:00 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2012.11.03 09:21:00 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2012.11.02 01:54:57 | 000,000,095 | ---- | M] () -- C:\Windows\ParrotFlashWiz.INI ========== Files Created - No Company Name ========== [2012.11.27 19:44:13 | 000,480,125 | ---- | C] () -- C:\Users\Albert\Desktop\adwcleaner.exe [2012.11.26 05:44:31 | 000,302,592 | ---- | C] () -- C:\Users\Albert\Desktop\mb66nxs3.exe [2012.11.26 05:41:16 | 000,050,477 | ---- | C] () -- C:\Users\Albert\Desktop\Defogger.exe [2012.11.26 03:27:59 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.25 14:44:31 | 000,291,747 | ---- | C] () -- C:\Users\Albert\Desktop\bookmarks.html [2012.11.23 11:51:40 | 000,026,254 | ---- | C] () -- C:\Users\Albert\AppData\Local\recently-used.xbel [2012.11.16 02:39:05 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 02:38:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.03 13:29:10 | 000,001,051 | ---- | C] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.23 11:47:28 | 
001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.07.23 11:44:21 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll [2012.07.23 11:44:21 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll [2012.07.23 11:44:20 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe [2012.07.23 11:44:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe [2012.06.10 14:28:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.05.18 18:36:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2012.03.29 23:20:49 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI [2011.10.27 20:23:35 | 000,000,000 | ---- | C] () -- C:\Users\Albert\AppData\Local\{6C085161-E589-420B-AF1B-556006FCD39F} [2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.02.28 11:33:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.02.28 11:31:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.22 10:09:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.08 13:33:14 | 000,023,318 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2010.12.05 12:58:01 | 000,023,731 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.11.09 17:30:02 | 000,007,633 | ---- | C] () -- C:\Users\Albert\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 28.11.2012 22:15:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Albert\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 68,27 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2713575748-3243434476-3948756424-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{119BC879-2322-46C5-AD77-888FD9940202}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19D5580E-2DF4-4225-8875-96184D03A80D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1CF17659-0A80-40C2-977B-C25418B100E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D63FA96-92C4-49F7-B5B2-088E50A3579C}" = rport=10243 | protocol=6 | dir=out | app=system | "{2B3915FE-9D46-4C92-B3C3-D937D100B727}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E4FE7B5-827C-4FAB-9266-B6DE7FDEA1EB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2F616D04-7C2C-40E3-B8A2-CE7B0BA0FDD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{339E8B9B-4B32-45DA-8C69-2BA947E0B175}" = lport=137 | protocol=17 | dir=in | app=system | "{356BED48-3365-4336-9508-D6F8AF24BB4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{40D1CD60-BF5B-4D96-B9F2-41195B210BB8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{41DFB91E-4064-444B-A79B-A63B0E98920F}" = lport=138 | protocol=17 | dir=in | app=system | "{4D32006A-49B0-4DF1-81FA-7135FB3820F5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{59606DE1-7A45-4155-8422-0BD1AF791BA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5AB3CA9C-3834-46AB-827B-A48350D6EB02}" = rport=445 | protocol=6 | dir=out | app=system | "{63B98944-1FB1-4839-BE94-B50683BAB276}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{65816325-F9A9-4E53-987A-ACE44FF83EBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6EA19B8C-C5CE-4302-AFDE-72F9E7035D03}" = rport=138 | protocol=17 | dir=out | app=system | "{853643DB-E899-4FB8-B2EE-CDF4FA2CFCE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8E474624-000F-4C65-A49A-CB74BE2F78BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{974FB65A-A99F-4DD8-A31F-3C9355AB475B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9AED4B2C-9E1A-4153-AB82-61691B4BA3A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9C5671E2-3579-4BE1-A158-AA21DFB5E06E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9D33CA33-68D0-4F52-B74D-DABF5AA5E8B5}" 
< End of report > Regards, Albert |
29.11.2012, 06:06 | #6 |
/// Helper Team | Fb Downloader changes browser settings Very good! ESET Online Scanner Preparation
__________________ --> Fb Downloader changes browser settings |
29.11.2012, 17:07 | #7 | |
| Fb Downloader changes browser settings Here is the result. Quote:
|
29.11.2012, 19:08 | #8 |
| Fb Downloader changes browser settings Emsisoft just reported this finding to me. (See attachment.) |
02.12.2012, 16:22 | #9 |
/// Helper Team | Fb Downloader changes browser settings Please check the guide (http://www.trojaner-board.de/103809-...i-malware.html) to see where you can find the log files. Please post the log file. |
03.12.2012, 16:11 | #10 |
| Fb Downloader changes browser settings I cannot find a log file for this finding. This finding did not turn up during a scan but was detected by a real-time guard. In the quarantine list, however, the finding is now classified as Clean. See attachment. |
04.12.2012, 20:17 | #11 |
/// Helper Team | Fb Downloader changes browser settings Then run a full scan with Emsisoft. |
05.12.2012, 12:04 | #12 | |
| Fb Downloader changes browser settings Here is the log file. Quote:
Unfortunately, I cannot find a corresponding log file for it. Best regards, Albert |
05.12.2012, 18:34 | #13 |
/// Helper Team | Fb Downloader changes browser settings That is only adware; you can disregard it. Are there still any problems with the computer? |
05.12.2012, 20:55 | #14 |
| Fb Downloader changes browser settings Fbdownloader has not shown up again so far, and everything else is running normally. (It just groans quite a lot and for a long time when booting or when many windows are open in the browser. But it already did that before the fbdownloader virus. It is probably down to my settings.) |
06.12.2012, 18:08 | #15 |
/// Helper Team | Fb Downloader changes browser settings 2 GB of RAM is not much. You should remove Avira and Emsisoft and try Microsoft Security Essentials - Microsoft Windows. |