| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan Speyeyes und Rogue.Live Sexurity Platinum gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.12.2012, 19:38
| #1 |
 |  Trojan Speyeyes und Rogue.Live Sexurity Platinum gefunden Hallo! Der Laptop meines Freundes schien in letzter Zeit deutlich langsamer als sonst und zeigte seit ein paar Tagen in manchen Texten worte unterstrichen an und leitete, wenn man sie anklickte, auf clickcompare.info weiter. Mir kam das ganze sehr spanisch vor, so dass ich mir nach einigem einlesen Malwarebytes Anti Malware runtergeladen hab und einen Quickscan vorgenommen hab. Ergebnis: Trojan Speyeyes und Rogue.Live Security Platinum Ich weiß allerdings überhaupt nicht, wie es jetzt weitergehen soll - ich kenn mich zwar besser mit Computern aus als mein Freund, aber weiß eigentlich nur, dass es nicht sinnvoll ist, die Dateien einfach so zu löschen. Irgendwo stand etwas von Quarantäne, aber ehrlich gesagt, hab ich nichtmal das hinbekommen. Über Hilfe wär ich also hocherfreut!  Beste Grüße, kartoffelken Edit: Lesen bildet. habjetzt erst den "für alle Hilfesuchenden" Threat gelesen und habe eben defogger und dann otl runtergeladen. Den lass ich jetzt durchlaufen und werd dann das Dingsda posten. Habe außerdem ausversehen bei Malwarebytes auf "entfernen" geklickt. Werde gleich die Dateien nachreichen. Otl.text:OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.12.2012 19:43:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,48% Memory free 5,99 Gb Paging File | 4,60 Gb Available in Paging File | 76,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,42 Gb Total Space | 98,85 Gb Free Space | 44,45% Space Free | Partition Type: NTFS Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.14 19:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe PRC - [2012.10.04 16:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.14 15:24:48 | 001,210,688 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.10.14 15:24:46 | 001,479,488 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2009.08.23 21:41:18 | 001,549,096 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009.01.20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.01.20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\stacsv.exe PRC - [2009.01.20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\AEstSrv.exe PRC - [2009.01.09 18:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.01.09 18:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.12.23 16:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe MOD - [2012.11.17 12:59:45 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll MOD - [2012.11.16 17:26:41 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012.11.16 17:26:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012.11.16 17:25:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012.11.16 17:25:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012.11.16 17:25:43 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012.11.16 17:25:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2012.09.10 16:07:17 | 000,911,872 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\spd__du.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.08.23 21:41:22 | 000,197,424 | ---- | M] () -- C:\Windows\System32\vpnapi.dll MOD - [2008.09.23 16:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2008.07.29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2005.09.21 05:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.12.12 14:48:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.07 11:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.06 00:45:44 | 000,129,536 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc2.exe -- (Samsung UPD Service2) SRV - [2011.10.14 15:24:46 | 001,479,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.01.20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\stacsv.exe -- (STacSV) SRV - [2009.01.20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_55dec32c4954532c\AEstSrv.exe -- (AESTFilters) SRV - [2008.12.23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012.01.04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver) DRV - [2011.10.13 16:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.06.26 14:34:11 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07) DRV - [2011.06.26 14:34:11 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06) DRV - [2011.06.26 14:34:11 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05) DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04) DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03) DRV - [2011.06.26 14:34:11 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02) DRV - [2011.06.26 14:34:11 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01) DRV - [2010.03.25 09:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 10:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 09:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.01.20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.01.15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.12.23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.09.24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{D4047067-EB80-4A39-AA97-44ABDE46B913}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {DB7CC1A8-78F3-448D-AABE-FAE0C189E95E} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0A129E8B-6420-4C7D-AFE7-D25850B856F6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=117116&tt=261112_yh_4812_3&babsrc=SP_ss&mntrId=7c0d487600000000000000242c2e0a08 IE - HKCU\..\SearchScopes\{DB7CC1A8-78F3-448D-AABE-FAE0C189E95E}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.rz.uni-osnabrueck.de/proxy/proxy.pac" FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.06 16:06:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 11:10:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 11:10:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 11:10:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 11:10:28 | 000,000,000 | ---D | M] [2012.11.06 16:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.27 20:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions [2012.11.06 16:45:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.23 17:58:43 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xn5poxzs.default\extensions\foxyproxy@eric.h.jung [2012.11.27 19:58:55 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\freehdsport@freehdsport.tv.xpi [2012.07.31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\gophoto@gophoto.it.xpi [2012.11.13 21:30:24 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.11.17 09:58:54 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\toolbar@web.de.xpi [2012.11.23 16:36:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.17 09:59:02 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\11-suche.xml [2012.11.17 09:59:02 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\englische-ergebnisse.xml [2012.11.17 09:59:02 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\gmx-suche.xml [2012.11.17 09:59:02 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\lastminute.xml [2012.11.17 09:59:02 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\xn5poxzs.default\searchplugins\webde-suche.xml [2012.12.07 11:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.06 16:06:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.12.07 11:10:38 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.20 19:33:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.27 20:04:38 | 000,006,530 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.02 14:06:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.20 19:33:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.20 19:33:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 19:33:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 19:33:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.delta-search.com/?affID=117116&tt=261112_yh_4812_3&babsrc=HP_ss&mntrId=7c0d487600000000000000242c2e0a08 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ CHR - Extension: AVG Do Not Track = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: GoPhoto.it = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\ O1 HOSTS File: ([2012.06.19 21:31:44 | 000,442,859 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15217 more lines... O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &AOL Toolbar-Suche - Reg Error: Value error. File not found O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm File not found O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F9C837D-908C-4871-8CC6-0A4721AAAB56}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C40ECEE-3D94-47FC-BD18-D044AABB47E7}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E202D364-A12F-4650-9393-FDC52DA123F0}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{206f0890-2837-11e2-913b-00238bab1061}\Shell - "" = AutoRun O33 - MountPoints2\{206f0890-2837-11e2-913b-00238bab1061}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{364aab4a-29a2-11e2-bd4c-00238bab1061}\Shell - "" = AutoRun O33 - MountPoints2\{364aab4a-29a2-11e2-bd4c-00238bab1061}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 19:41:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.14 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.14 19:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.14 19:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.14 19:11:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.14 19:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.14 11:13:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Party bei uns [2012.12.13 22:43:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.12 17:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.12.12 17:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.12.11 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2013 [2012.12.11 17:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.11 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData [2012.12.11 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013 [2012.12.11 14:06:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.12.07 11:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.27 20:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.27 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.27 20:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.11.27 20:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout [2012.11.27 19:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it [2012.11.27 19:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATDheNetTVApp.com [2012.11.15 17:10:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ideensammlung Masterarbeit [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.14 19:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 19:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.14 19:40:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.14 19:39:39 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.14 19:16:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.14 16:16:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.14 11:05:03 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 11:05:03 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 10:57:47 | 000,366,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.14 10:56:45 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini [2012.12.14 10:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.14 10:51:07 | 2413,498,368 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 19:30:41 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.13 13:38:01 | 000,009,003 | ---- | M] () -- C:\Users\***\Desktop\Stundenzettel Dezember.odt [2012.12.11 18:01:51 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 14:06:03 | 314,490,044 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.11 11:39:30 | 000,682,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.11 11:39:30 | 000,639,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.11 11:39:30 | 000,142,316 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.11 11:39:30 | 000,116,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.11 08:32:25 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.12.10 08:50:03 | 000,008,805 | ---- | M] () -- C:\Users\***\Desktop\Entwurf Fragebogen Masterarbeit_Frank Harloff.pdf [2012.12.01 19:41:00 | 000,008,460 | ---- | M] () -- C:\Users\***\Desktop\Merkzettel.odt [2012.12.01 18:14:16 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.14 19:40:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.14 19:39:36 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.11 18:01:51 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 14:06:03 | 314,490,044 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.10 08:50:02 | 000,008,805 | ---- | C] () -- C:\Users\***\Desktop\Entwurf Fragebogen Masterarbeit_Frank Harloff.pdf [2012.12.05 19:35:10 | 000,009,003 | ---- | C] () -- C:\Users\***\Desktop\Stundenzettel Dezember.odt [2012.12.01 18:14:16 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat [2012.11.27 20:22:32 | 000,093,483 | ---- | C] () -- C:\Users\***\Desktop\vshare-plugin.xpi [2012.11.26 13:14:44 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.11.15 18:26:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 18:13:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 22:21:49 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.11.12 22:21:19 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll [2012.11.12 22:21:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll [2012.11.12 22:21:17 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe [2012.11.12 22:21:17 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe [2012.11.06 18:20:28 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini [2012.11.06 17:34:01 | 000,022,140 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.10.15 11:58:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.07.17 12:55:20 | 000,006,855 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.2 [2011.06.23 14:22:24 | 000,000,021 | ---- | C] () -- C:\Windows\clofghls.dll [2011.06.23 14:08:14 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI [2009.09.22 15:39:52 | 000,000,124 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.06 16:45:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv [2012.12.11 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013 [2012.11.27 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.12.08 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flood Light Games [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FloodLightGames [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.11.06 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek [2012.11.06 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy [2012.11.06 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteriousCaseOfJekyllAndHyde [2012.11.06 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.11.18 19:11:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.11.06 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator [2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox [2012.11.06 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extra.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.12.2012 19:43:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,48% Memory free
5,99 Gb Paging File | 4,60 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 98,85 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25C16CEF-643C-43F3-A366-55FFF1F345AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BD0A003-DEBA-42F3-A535-6B7A4D38BEB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{519F0BDF-006D-4A7A-B39B-9F84517A92D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{53969A2E-3187-4AF4-9619-467D38B4A3C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F84051A-ECBE-4203-A2D7-C67A0FE98A6B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{80AE2D2F-9266-4ACD-A965-77F9DE0792FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D718FE1-E2C1-4B82-9C75-D3854F77E6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E65708D-7E96-4D4C-9BF4-831CC65544A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD3B1388-81E7-426D-B5F9-20D50D026D92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD7832E0-CC0F-4DFE-9684-ACBBBC4E5D72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA3FDD23-7FE6-4B35-AC7C-E81CCAF803E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C543D84D-EE27-421D-8D37-4C6A5664E316}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E0BF6D86-3F1B-4FA4-AFCE-A021C165A625}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0941BB9E-BFA2-4692-99A8-71BFFEB11EDD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{0C499CFE-8F58-44ED-B36B-6DC9826197A3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{15857FC3-2CE4-4577-957D-CE84931C6BF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F8F67FA-B02F-4FB5-A875-ECFEBF1B8E9A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{30477E00-E9FC-4369-919D-83B86A82E028}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{415B228E-7BC0-4404-8CC2-F2BE42208C59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{43B3F5A1-CAC7-4B7E-A697-4F82D0688047}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A3C9A41-931D-4423-B5CE-03C8ECAC7038}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4A5159C3-ECF7-450B-A325-15294D3225ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EF124FA-CECF-40F4-B246-D51274D21B2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DD9912D-52AC-43A2-917F-33318DC40916}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{672C03A0-8384-439C-8C91-38A05D23944A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{67A4103D-0200-4716-B453-F35D98F1D417}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{680AAAA4-E799-47B7-BF08-1EAD97F3F740}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A796975-6D34-42A4-BDA9-3023E39B5E30}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{7BE70267-B1C2-40A0-BB37-14EAD22BAE89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{870E6236-CC6E-4ABE-AD47-A552A659D1E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8ED344FC-1C05-4C88-A249-AF1EEFCE0933}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{AF78001D-4612-4970-8BD6-C271B723A30D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BC6F1A31-51D8-4388-ADE3-7218113D0A02}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{BC8BB9B6-27E6-48DD-87B5-23D8AD8BDDBC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BEE31758-B07A-493D-A92F-0E38CDC46622}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{C48D4C68-81BE-48B5-9764-58089F4D915E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5A1627A-84C0-427E-9844-773F9A48E38D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E168CBF9-69C9-43C5-BB79-0A729BFBA9A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9ACF33D-B456-4C0D-B183-C788C24525D8}" = protocol=6 | dir=out | app=system |
"{F5748EB9-181A-42CA-B82F-DCE2DF905AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F799B461-383F-42B8-8996-8BC7727A769B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{FDB6D39A-34BE-4013-B24B-0C209E07C760}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1889A63C-0602-43DC-85FE-06DA030AB1A5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{73E25503-2B0B-47A6-8EE0-3DD156AFE037}C:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe |
"TCP Query User{76B27BEC-9256-4265-BBE1-EE807E93AC87}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{806F77FA-C868-4130-ABB4-4EA87DE2A500}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8D6F5F05-5BC3-463A-A200-5C2F3EBF5B98}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{980902AA-20C7-49D0-809F-F18C806C237F}C:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.2.6-gtk2\freeciv-server.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3332A615-7171-4545-9012-3D0AEB693CB9}" = .NET Utilities
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5CC15D-BA72-431B-A676-0FE5F2513178}" = AVG 2013
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Freeciv-2.2.6-gtk2" = Freeciv 2.2.6 (GTK+ client)
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.3
"vShare" = vShare Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR
"WT078861" = Women's Murder Club - Twice in a Blue Moon
"WTA-5fb6bd6e-f398-42c4-82ec-20a1ddd55b9c" = The Mysterious Case of Dr. Jekyll and Mr. Hyde
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.05.2012 04:31:54 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Error - 04.05.2012 09:51:23 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 04.05.2012 09:51:36 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 05.05.2012 04:29:05 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 05.05.2012 04:29:15 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 06.05.2012 03:21:21 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 06.05.2012 03:21:21 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 07.05.2012 02:07:44 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 07.05.2012 02:07:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 07.05.2012 06:41:38 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 07.05.2012 06:41:57 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 08.05.2012 01:13:38 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 08.05.2012 01:13:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error - 08.05.2012 08:08:24 | Computer Name = ***-PC | Source = WinMgmt | ID
= 10
Description =
Error - 08.05.2012 08:08:24 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2
| ID = 131083
Description =
Error encountered while reading event logs.
< End of report >
GMER hängt sich auf, immer wenn unten "Device/harddiskvolumeshadowcopy3" steht. Geändert von kartoffelken (14.12.2012 um 20:18 Uhr) |
| Themen zu Trojan Speyeyes und Rogue.Live Sexurity Platinum gefunden |
| acedrv05.sys, anti, audiograbber, besser, computer, computern, dateien, einfach, einlesen, filescout.exe, free download, gefunde, gophoto, install.exe, intranet, klick, langsamer, laptop, launch, malwarebytes, office 2007, platinum, plug-in, quarantäne, runtergeladen, safer networking, sinnvoll, spanisch, tagen, tarma, texte, troja, trojan, unterstrichen, usb 2.0, voll, weitergehen, wildtangent games, worte, worte unterstrichen, überhaupt |
Baum-Darstellung