| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer hängt ständig - Trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.11.2012, 21:30
| #1 |
 |  Computer hängt ständig - Trojaner? Hey, also wie schon im Titel beschrieben, hängt mein PC ständig. Teilweise erscheint beim Starten/nach der Anmeldung auch nur erst ein komplett schwarzer, dann ein weißer Bildschirm und bis ich dann mal mit dem Computer arbeiten kann, dauerts dementsprechend eine Weile. (kann bis zu einer halben, 3/4 Stunde dauern. Für die heutige Zeit doch ein wenig doof) Meistens hängt er alle 2 Minuten und selbst der Task Manager zeigt dann keine Rückmeldung (Was ziemlich depremierend ist ) Nicht nur im Internet ist er lahm und hängt sondern auch, wenn ich vielleicht mal ein Bild anschauen möchte, eine Datei in den Papierkorb schiebe und, und, und... Nun hab ich mich hier im Forum ein wenig umgesehen und mir auch Malwarebytes runtergeladen und einen vollständigen Scan durch geführt. Welch Wunder, natürlich wurden infizierte Dateien gefunden. Es heißt ja jetzt, dass man auf keinen Fall von anderen Threads Lösungsvorschläge übernehmen soll, deshalb fände ich es wunderbar, wenn mir jemand helfen könnte. Vor allem für die baldige Arbeit bräuchte ich einen PC der (muss auch nicht ganz) einwandfrei funktioniert. Vielen, vielen lieben Dank schon mal im Vorraus! (Falls das Problem behoben wird oder generell jemand sich die Zeit nimmt schicke ich in Gedanken einen Korb voll Muffins oder Alternativ einen Kasten Bier  )Hier das Ergebnis von der Anti-Maleware: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.12.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Holly :: HOLLY-PC [Administrator] Schutz: Aktiviert 12.11.2012 18:35:00 mbam-log-2012-11-12 (18-35-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366418 Laufzeit: 1 Stunde(n), 8 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Holly\AppData\Local\Temp\nsd7C52.tmp\InstallManager.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holly\Downloads\CatLickingScreenCleaner.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holly\Downloads\LickingDogScreen_downloader(1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holly\Downloads\LickingDogScreen_downloader.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und von OTL: OTL logfile created on: 12.11.2012 20:07:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,26% Memory free 6,00 Gb Paging File | 4,38 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,41 Gb Total Space | 859,11 Gb Free Space | 93,64% Space Free | Partition Type: NTFS Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Holly\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (Realtek11nSU) -- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE480DE470 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEQrW73a&i=26 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26" FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.478 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEQrW73a&&i=26&search=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.24 19:47:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.24 19:47:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 14:11:26 | 000,000,000 | ---D | M] [2012.02.04 19:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\mozilla\Extensions [2012.10.24 15:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\mozilla\Firefox\Profiles\cs67qn64.default\extensions [2012.06.13 18:39:09 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Holly\AppData\Roaming\mozilla\Firefox\Profiles\cs67qn64.default\extensions\ffxtlbr@incredibar.com [2012.10.24 15:24:48 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Holly\AppData\Roaming\mozilla\Firefox\Profiles\cs67qn64.default\extensions\foxyproxy@eric.h.jung [2012.06.13 18:39:03 | 000,002,203 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\mozilla\firefox\profiles\cs67qn64.default\searchplugins\MyStart Search.xml [2012.06.18 14:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.24 19:47:57 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.18 14:11:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Ixquick HTTPS - Deutsch (Enabled) CHR - default_search_provider: search_url = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Angry Birds = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Web Assistant = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\ CHR - Extension: Plants vs Zombies = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Facebook Notifications = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{719D0F0D-6238-4220-86B1-A081EFA89FF8}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.12 18:39:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe [2012.11.12 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Malwarebytes [2012.11.12 18:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.12 18:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.12 18:33:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.12 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.12 18:33:22 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Holly\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.12 10:37:51 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Apple Computer [2012.11.12 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Apple Computer [2012.11.12 10:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.11.12 10:37:15 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.11.12 10:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.11.12 10:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.11.12 10:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.11.12 10:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.11.12 10:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.11.03 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Avira [2012.11.03 12:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.03 12:52:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.03 12:52:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.03 12:51:59 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.03 12:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.03 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.28 20:29:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Daedalic Entertainment [2012.10.28 20:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment [2012.10.28 20:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daedalic Entertainment [2012.10.28 14:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2012.10.28 13:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software [2012.10.28 13:52:45 | 019,438,992 | ---- | C] (Tracker Software Products Ltd ) -- C:\Users\Holly\Documents\PDFXVwer.exe [2012.10.28 13:48:57 | 000,373,456 | ---- | C] (Softonic) -- C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe [2012.10.21 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\dvdcss [2009.10.29 07:09:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.11.12 20:03:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.12 19:49:12 | 000,022,453 | ---- | M] () -- C:\Users\Holly\Desktop\Trojaner.odt [2012.11.12 18:41:25 | 000,050,477 | ---- | M] () -- C:\Users\Holly\Desktop\Defogger.exe [2012.11.12 18:39:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe [2012.11.12 18:33:38 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.12 18:33:23 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Holly\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.12 18:13:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 18:13:45 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 18:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.12 18:05:48 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2012.11.12 10:37:47 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.10 18:46:23 | 000,010,562 | ---- | M] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.09 19:30:18 | 000,127,237 | ---- | M] () -- C:\Users\Holly\Desktop\Praktikum_2013.pdf [2012.11.07 21:37:58 | 001,527,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.07 21:37:58 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.07 21:37:58 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.07 21:37:58 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.07 21:37:58 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.07 12:20:33 | 000,002,387 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.03 12:52:18 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.28 18:05:34 | 000,076,015 | ---- | M] () -- C:\Users\Holly\Documents\397340_453006064738454_624886939_n.jpg [2012.10.28 18:05:29 | 000,074,900 | ---- | M] () -- C:\Users\Holly\Documents\486675_453006088071785_188558932_n.jpg [2012.10.28 18:05:24 | 000,061,459 | ---- | M] () -- C:\Users\Holly\Documents\26630_453013251404402_358415169_n.jpg [2012.10.28 18:05:16 | 000,064,711 | ---- | M] () -- C:\Users\Holly\Documents\525011_453197651385962_1340122972_n.jpg [2012.10.28 18:05:09 | 000,038,592 | ---- | M] () -- C:\Users\Holly\Documents\229797_453197671385960_1444828907_n.jpg [2012.10.28 18:04:18 | 000,123,342 | ---- | M] () -- C:\Users\Holly\Documents\527272_453197751385952_25683797_n.jpg [2012.10.28 13:52:56 | 019,438,992 | ---- | M] (Tracker Software Products Ltd ) -- C:\Users\Holly\Documents\PDFXVwer.exe [2012.10.28 13:48:57 | 000,373,456 | ---- | M] (Softonic) -- C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe ========== Files Created - No Company Name ========== [2012.11.12 20:07:48 | 000,000,110 | -H-- | C] () -- C:\Users\Holly\Desktop\.~lock.Trojaner.odt# [2012.11.12 19:49:10 | 000,022,453 | ---- | C] () -- C:\Users\Holly\Desktop\Trojaner.odt [2012.11.12 18:41:25 | 000,050,477 | ---- | C] () -- C:\Users\Holly\Desktop\Defogger.exe [2012.11.12 18:33:38 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.12 10:37:47 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.12 10:36:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.10 18:46:21 | 000,010,562 | ---- | C] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.09 19:30:17 | 000,127,237 | ---- | C] () -- C:\Users\Holly\Desktop\Praktikum_2013.pdf [2012.11.03 12:52:18 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.28 18:05:34 | 000,076,015 | ---- | C] () -- C:\Users\Holly\Documents\397340_453006064738454_624886939_n.jpg [2012.10.28 18:05:29 | 000,074,900 | ---- | C] () -- C:\Users\Holly\Documents\486675_453006088071785_188558932_n.jpg [2012.10.28 18:05:24 | 000,061,459 | ---- | C] () -- C:\Users\Holly\Documents\26630_453013251404402_358415169_n.jpg [2012.10.28 18:05:16 | 000,064,711 | ---- | C] () -- C:\Users\Holly\Documents\525011_453197651385962_1340122972_n.jpg [2012.10.28 18:05:09 | 000,038,592 | ---- | C] () -- C:\Users\Holly\Documents\229797_453197671385960_1444828907_n.jpg [2012.10.28 18:04:18 | 000,123,342 | ---- | C] () -- C:\Users\Holly\Documents\527272_453197751385952_25683797_n.jpg [2012.10.10 12:12:00 | 000,002,088 | ---- | C] () -- C:\Users\Holly\.recently-used.xbel [2012.06.03 17:52:04 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.05.02 17:17:45 | 000,000,093 | ---- | C] () -- C:\Users\Holly\AppData\Local\fusioncache.dat [2012.05.02 17:16:24 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.24 09:34:15 | 000,005,120 | ---- | C] () -- C:\Users\Holly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.21 22:33:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.03.08 13:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Devices [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic [2012.03.08 13:05:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.08 13:05:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices [2012.03.04 20:36:58 | 000,013,078 | ---- | C] () -- C:\Windows\wininit.ini [2012.02.27 11:42:38 | 000,000,432 | ---- | C] () -- C:\Users\Holly\AppData\Local\HamsterVideoConverterSettings.cfg [2012.02.04 19:47:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.02.03 15:48:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.07 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\3v [2012.07.15 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\A2 Entertainment [2012.03.21 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Alawar [2012.07.16 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\aliasworlds [2012.07.05 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Artifex Mundi [2012.03.21 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Be a King 2 [2012.03.24 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Boolat Games [2012.07.01 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\DailyMagic [2012.02.12 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\eMachines Drivers Update Utility [2012.03.24 23:20:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ERS G-Studio [2012.10.01 18:27:45 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ewycm [2012.04.22 12:39:14 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\FileZilla [2012.10.01 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Fituih [2012.03.23 11:51:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\GameInvest [2012.09.26 13:17:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\gtk-2.0 [2012.10.04 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Hero [2012.06.19 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ICQ [2012.03.08 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Islands2 [2012.10.01 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Isuk [2012.07.04 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Lazy Turtle Games [2012.07.12 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech [2012.02.05 12:14:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\MAGIX [2012.07.01 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Maximize Games [2012.03.08 13:31:45 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Nikon [2012.10.11 10:21:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Nokia [2012.02.04 20:08:23 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\OpenOffice.org [2012.02.11 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Opera [2012.10.10 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PC Suite [2012.08.13 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\pdfforge [2012.03.05 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Peace Craft [2012.03.04 23:48:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PeaceCraft3 [2012.03.27 10:45:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ph03nixNewMedia [2012.07.03 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PlayFirst [2012.07.17 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Playrix Entertainment [2012.08.13 09:57:18 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Samsung [2012.02.14 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Sony [2012.03.26 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\SulusGames [2012.09.27 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Systweak [2012.10.04 12:17:49 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Taba [2012.10.04 12:43:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Teca [2012.03.25 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Top Evidence [2012.02.09 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ViquaSoft [2012.03.07 11:07:02 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\WendigoStudios [2012.03.28 10:46:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\YoudaGames [2012.08.13 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Samsung ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:AEEC88F6 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E9900C74 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AE289451 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP  453E38B@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:C9BC8592 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:393F7B1E @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP 2397415@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A6B07419 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2B9555D8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C9B27A06 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4B244549 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:474022C7 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:04ADB7A6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:03D08225 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:751D6870 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3591DDB @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP 4558A0B@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:30E0D641 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:47A24D4B @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E5F8E280 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP CA79AB3@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:27F44544 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3C0887BF @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:73B78E79 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AC0528D9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FECEF728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B07E6F4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5BA9ADD @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:99C301D0 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35629AE6 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:063969F8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:15752405 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:3766E957 < End of report > OTL Extras OTL Extras logfile created on: 12.11.2012 20:07:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,26% Memory free 6,00 Gb Paging File | 4,38 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,41 Gb Total Space | 859,11 Gb Free Space | 93,64% Space Free | Partition Type: NTFS Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B3DBFDA-0444-44C9-8B9D-868BD1248003}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BD6999D-B982-49F7-9D40-D523356D4977}" = lport=137 | protocol=17 | dir=in | app=system | "{0FDE3E21-5A5D-4664-B55E-C02E3245490B}" = rport=139 | protocol=6 | dir=out | app=system | "{11997C98-C340-48B6-9A3B-95FC6778084E}" = rport=138 | protocol=17 | dir=out | app=system | "{11CC0787-B9E1-4723-9AF0-870F3BEA6588}" = lport=2869 | protocol=6 | dir=in | app=system | "{177C2D56-F32F-46E4-BFF9-5F50113D5198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2443997D-39EB-4C0D-AE90-4F7DF9F7990E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{2EB8885B-0410-4355-9BC0-2BF8DEAA62FB}" = rport=137 | protocol=17 | dir=out | app=system | "{4B46EB79-12FE-4F2A-91D8-3B149994835A}" = rport=445 | protocol=6 | dir=out | app=system | "{4BB960F0-6B01-45B1-A716-BEE68BAD3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4CFE1AD3-67F3-45E7-81DD-1CA4C1CA4936}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52A9CB31-C4A4-4CC9-8DD4-B3DE236C4019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63581111-8B58-4C9A-BA59-F86DBB601E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{657BCB93-69B9-48C0-B9A9-42A49ADD4415}" = lport=139 | protocol=6 | dir=in | app=system | "{679119ED-D2D2-4FB2-B3F1-A31476781673}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D12D772-BD53-4045-8E48-E39570D14F04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E12649F-5607-477D-8747-6621D0405200}" = lport=2869 | protocol=6 | dir=in | app=system | "{71569EF8-594D-4020-95F3-D064090741EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7EAD29FA-CA7F-431B-B50B-A6B516C9433A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87497B38-C438-4249-B179-97C59AB69FBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DD2D3EA-778A-426E-A9E8-9A22A5CF372C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8FDDB1D6-461C-46B0-8C34-B2699F7ADBB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{915E6490-678A-4ACD-89F3-C13A4BCD39D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{946E212C-1B4F-4B8C-AE76-D411DD593AF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{949872DA-F687-4181-ACE6-3F81E01C224D}" = rport=10243 | protocol=6 | dir=out | app=system | "{A1DEB659-B539-406B-AE65-6CD230FD88D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9D4CC51-793C-49BE-AE5B-20AF3A56D9C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF0F5924-2F10-4C4A-9320-EA17901AD405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C476D948-34AE-4DCE-B7D2-AC20F3CA0C87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD6CB58C-96A4-42DE-BBEA-FE54F8BFED52}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{D334148B-FBCD-47A5-ACF8-D8979234F260}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D9327A3D-1C46-4BE8-90F6-F8782ED364E8}" = lport=138 | protocol=17 | dir=in | app=system | "{DF27A6DB-4ADB-4DBB-95CE-81E68F5E1D5A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{F3551E64-4756-4AC5-A0E0-7D014B345E90}" = lport=445 | protocol=6 | dir=in | app=system | "{FA621F5F-0A65-4034-889D-C060C4FCCA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD5FDB4C-F692-4085-B645-275F800FF387}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036F2CA4-2152-4989-BBED-E6A71149B7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{05D5DC64-8D43-4037-8C92-5125BC52FE43}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{087BD802-3F91-492E-8AAF-8B4104C34E2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{095BB923-7F87-450D-A34E-5D8D61D4970F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D0F5963-11CD-4F70-832D-077A9C989F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{0DC585B8-1B3C-4C42-AC9C-462C1EA125E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{0F2B777B-EA02-462B-A84D-7BA6A26B944B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{14DACBCA-B089-487B-9833-A7FAF10BF737}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{174D1878-96A8-4938-B4BB-225B4F3878E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1BD3F9CD-C4A6-4F82-9DAF-631810AC0834}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1BFD5554-F7C7-47B4-BEDA-6F8ABCA01449}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1CB598E7-6FD9-4E5E-8051-648E2AF46AB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1F673594-66FE-4D29-9142-9627423CD599}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{26FF9933-6442-41AA-AC5A-39FC5D2AD34E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{2848522C-EB25-40A3-9084-9450D35D08BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{28D25042-1B5C-4B90-8B71-D6490ABFAB11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{29114D44-D833-47FF-B2F4-9B8202A38D92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{29F29B48-8BED-44FF-BB34-8C77117AA009}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2AAD3FE4-2835-4C08-9D90-ABDEC137CFDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2E17A58E-6B54-45C5-9149-D9FA845D4FCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{30EDE398-7FEE-4660-979F-ED93BE7CDF11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32988AB2-3B18-4BC8-B964-332DC0A9D059}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33D9063D-F11C-4AFF-8903-A50206398254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{395F3F72-E463-4398-A9F3-5AFABB30831D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3CC14A62-1A19-479D-A397-2B458E941397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5CE9000E-7793-47C5-AB09-C2D3515D9D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | "{603B2745-FD5A-41BE-8E76-2B9A8232CD01}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6746F7A3-D622-4931-AD1E-DB4C7A512751}" = protocol=6 | dir=out | app=system | "{68FB0663-63FF-4007-8B5A-5E2129C0C2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{6CAC2253-50EF-4F88-A91A-8EEB2EAEAAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{708E6793-9FD2-4047-8F2C-376403C04918}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe | "{71CC7D71-0D9C-4701-8E89-A1E6DD74C1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{75257F08-58F6-4F48-AE15-22ADB9462D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{756CA6A3-ABD0-4B0E-86AB-D6EFC0E89987}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{7B76BC88-4840-4F4F-A933-5FB63C0C4C7A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{8A999F48-5462-48EF-B625-A81F58DD4B52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8B0B8143-50E1-42F6-B5D8-513524538DF8}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{9194BEC6-7FFA-4B29-9846-8F6DC81D43D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9276E005-8DDD-4FA4-A9BC-E2CB992BB644}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{93C9662B-BC7E-491C-AE1E-1520F91E9440}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9B7B881F-23B7-4699-96F1-4AE7380520DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9BD60B84-9CF7-4184-8587-C4D2D7FBB8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9CFE09D1-832A-4293-AEC6-358B718BDD87}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{9F020372-1CED-4EB7-806D-E4F2BB2677CB}" = protocol=17 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe | "{A52AA55E-5675-47CE-95AF-BDC92A2BBC18}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B462FCE4-2F06-47F6-BF91-75A5734D6B3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B62A4A38-5743-4675-9D92-32E1FA32EA06}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{BD9BC4C4-25A9-4C30-AAFB-B0F287A04DA6}" = protocol=6 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe | "{C708378F-FA00-4EC6-B295-788FCC2703E1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CC61D8B8-2F46-47C6-A5ED-65DB53FF7B64}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{CCB23B3A-19F6-48E3-808E-0454A8E88364}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{D0631B2B-46D9-4297-9A05-08CED0BC26BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D83DD9DB-C701-4F2D-A68E-806851534F97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{D969251B-133B-4993-A64F-B46C8446C1F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9D525DA-261F-4361-9D2E-9BF65D7D45A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D9E4FB79-F32E-4E9F-A820-8B8FBD4A90D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA235B6D-0F78-4645-9AEB-88E9A2370345}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DA5F27CC-67DB-446B-A719-A668484CF461}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{DD8A503F-3380-4520-861D-433A4A2643C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E116897C-CFBE-4629-A251-1EDE56FA825D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E290888F-989C-497B-9EE7-73B982226B12}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F3F96D9F-ED9F-4F6C-B086-DFB5C86CE811}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{F42B01A9-ACE3-4793-8388-5294BE17ED36}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{6B0A90A5-347F-4C09-80E7-05BB4E8775F5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{37C07ED4-7D4B-4201-8E8B-C41303997472}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A7096369-9332-466C-8357-08770CDCE277}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "CCleaner" = CCleaner "lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinGimp-2.0_is1" = GIMP 2.6.8 "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{092D4427-C1D9-43C0-B1BB-C8BCFE67D5C0}" = Windows Tweaker 4.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CC4C262-FE40-433D-A8B4-CC3EE18032CE}_is1" = Fallen City version 1.0 "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 300N X2 USB Wireless LAN Driver and Utility "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6 "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}" = Nero 9 Essentials "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BFGC" = Big Fish Games: Game Manager "eMachines Drivers Update Utility_is1" = eMachines Drivers Update Utility "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "Harvey" = Harveys Neue Augen Demo "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Opera 12.10.1652" = Opera 12.10 "Samsung ML-2950 Series" = Samsung ML-2950 Series "Samsung Printer Live Update" = Samsung Printer Live Update "VLC media player" = VLC media player 2.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "RadarSync PC Updater 2011" = RadarSync PC Updater 2011 (driver updates & patches) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.10.2012 12:47:59 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.10.2012 10:24:42 | Computer Name = Holly-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454, Zeitstempel: 0x4f5ecbd4 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x6dd08ce3 ID des fehlerhaften Prozesses: 0xb2c Startzeit der fehlerhaften Anwendung: 0x01cdb1e999e58e78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll Berichtskennung: 8c8b6964-1de6-11e2-9e0d-002511659ce9 Error - 25.10.2012 06:27:51 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.10.2012 06:28:56 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.10.2012 06:29:20 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.07.2012 19:23:30 | Computer Name = Holly-PC | Source = DCOM | ID = 10010 Description = Error - 30.07.2012 19:01:33 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FontCache3.0.0.0 erreicht. Error - 31.07.2012 03:12:34 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 02.08.2012 05:25:45 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NVIDIA Update Service Daemon erreicht. Error - 02.08.2012 05:26:48 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.08.2012 05:33:26 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. < End of report > |
|
14.11.2012, 21:27
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Computer hängt ständig - Trojaner? Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Hast du noch weitere Logs mit Funden? Das bezieht sich nicht nur auf Malwarebytes. Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten
__________________ |
|
15.11.2012, 14:40
| #3 |
| | Computer hängt ständig - Trojaner? Hallo und jetzt schon mal Danke für die Zeit, die du dir nimmst
__________________Hier ist das Ergebnis von Avira Antivirus Programm: Exportierte Ereignisse: 12.11.2012 20:03 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' enthielt einen Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5930d60b.qua' verschoben! 12.11.2012 19:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' wurde ein Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 12.11.2012 18:56 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' wurde ein Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 12.11.2012 18:56 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\654c6f6f-2a4bf 2fe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Karagany.I.382' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Von ESET Online Scan: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=a085d21375523c449f4be6ed920a6c11 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-15 12:23:31 # local_time=2012-11-15 01:23:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 1035115 1035115 0 0 # compatibility_mode=5893 16776573 100 94 129723 104604881 0 0 # compatibility_mode=8192 67108863 100 0 3699 3699 0 0 # scanned=172109 # found=2 # cleaned=2 # scan_time=7180 C:\Users\Holly\AppData\Local\Temp\nso8DEF.tmp\incoctrl.exe Win32/InstallMonetizer.AD Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe Variante von Win32/SoftonicDownloader.E Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C Und von Emsisoft Anti Malware: Emsisoft Anti-Malware - Version 7.0 Letztes Update: 15.11.2012 11:40:46 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 15.11.2012 12:41:01 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5930d60b.qua -> (Quarantine-8) gefunden: Gen:Variant.Symmi.3088 (B) C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5c6a59fc.qua -> (Quarantine-8) gefunden: Gen:Variant.Zusy.19455 (B) Gescannt 477897 Gefunden 2 Scan Ende: 15.11.2012 14:37:56 Scan Zeit: 1:56:55 |
|
15.11.2012, 17:51
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.11.2012, 22:44
| #5 |
| | Computer hängt ständig - Trojaner? aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-18 21:52:27 ----------------------------- 21:52:27.670 OS Version: Windows x64 6.1.7601 Service Pack 1 21:52:27.670 Number of processors: 2 586 0x170A 21:52:27.670 ComputerName: HOLLY-PC UserName: Holly 21:52:30.447 Initialize success 21:52:44.565 AVAST engine defs: 12111801 21:53:03.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b 21:53:03.833 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3 21:53:03.880 Disk 0 MBR read successfully 21:53:03.880 Disk 0 MBR scan 21:53:03.880 Disk 0 unknown MBR code 21:53:03.895 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048 21:53:03.926 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176 21:53:03.958 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976 21:53:04.004 Disk 0 scanning C:\Windows\system32\drivers 21:53:19.699 Service scanning 21:53:38.669 Modules scanning 21:53:38.669 Disk 0 trace - called modules: 21:53:38.700 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 21:53:39.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034d4610] 21:53:39.215 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003260c20] 21:53:39.230 5 ACPI.sys[fffff88000d837a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8003013060] 21:53:41.118 AVAST engine scan C:\Windows 21:53:44.503 AVAST engine scan C:\Windows\system32 21:56:26.323 AVAST engine scan C:\Windows\system32\drivers 21:56:37.726 AVAST engine scan C:\Users\Holly 22:02:07.498 AVAST engine scan C:\ProgramData 22:03:22.786 Scan finished successfully 22:42:48.071 Disk 0 MBR has been saved successfully to "C:\Users\Holly\Desktop\MBR.dat" 22:42:48.081 The log file has been saved successfully to "C:\Users\Holly\Desktop\aswMBR.txt" |
|
18.11.2012, 23:20
| #6 |
| | Computer hängt ständig - Trojaner? Ich hoffe es hat funktioniert mit dem "zippen"  |
|
18.11.2012, 23:26
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.11.2012, 23:46
| #8 |
| | Computer hängt ständig - Trojaner? Adw Cleaner Report |
|
19.11.2012, 10:45
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? Die Logs bitte NICHT anhängen!! Sie müssen nur dann in den Anhang (als eine ZIP-Datei mit allen Logdateien), wenn sie zu groß sind um direkt gepostet zu werden! Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher, übersichtlicher und man spart sich ne Menge Rumklickerei! Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2012, 11:37
| #10 |
| | Computer hängt ständig - Trojaner? Die Logs vom TDSSKILLER und Adw Cleaner Report sind zu groß bzw. haben zuviele Zeichen um sie direkt zu posten. D.h. ich soll die beiden Logs zusammen in EINE ZIP - Datei anhängen? |
|
19.11.2012, 11:53
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? Das vom adwCleaner war aber nicht zu groß Und wenn du schon gezippte Logs in den Anhang packst, dann nicht für jedes Log eine separate ZIP-Datei, sondern ALLE Logs in eine gemeinsame ZIP
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2012, 17:57
| #12 |
| | Computer hängt ständig - Trojaner? Es hieß der adW Cleaner Log wäre zu groß gewesen. Ist es jetzt so richtig? :/ (Ich bin nicht so bewandert in diesen Sachen, sorry) Code:
ATTFilter # AdwCleaner v2.008 - Datei am 18/11/2012 um 23:34:26 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Holly - HOLLY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Holly\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Web Assistant Updater
***** [Dateien / Ordner] *****
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files\Web Assistant
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gefunden : C:\Users\Holly\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\Holly\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26
-\\ Mozilla Firefox v16.0.1 (de)
Profilname : default
Datei : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26");
Gefunden : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,foxyproxy@eric.h.jung:4.0.2,{336[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10665");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "D2BF7951FBB008229551AA1ADAAAA037");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "e88eeec4000000000000000cf6c5c7f3");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15504");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:39:09");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEQrW73a&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6OyEQrW73a");
Gefunden : user_pref("extensions.incredibar.upn2n", "92261579514579008");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:39:09");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10665");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "e88eeec4000000000000000cf6c5c7f3");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15504");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEQrW73a&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyEQrW73a");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92261579514579008");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:39:09");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEQrW73a&&i=26&search="[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.10.1652.0
Datei : C:\Users\Holly\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [11482 octets] - [18/11/2012 23:34:26]
########## EOF - C:\AdwCleaner[R1].txt - [11543 octets] ##########
Geändert von cosinus (19.11.2012 um 19:13 Uhr) |
|
19.11.2012, 19:12
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? Entpackt belegt das Log aber vom adwCleaner nur 12 kB und das ist etwa nur ein Zehntel von dem was erlaubt ist Das Log vom TDSS-Killer hast du doch außerdem schon oben angehangen wieso muss das nochmal als ZIP-Datei in den Anhang, welchen Sinn & Zweck erfüllt das? Es hätte gereicht, wenn du einfach das Log von adwCleaner richtig gepostet hättest. Ich korrigier mal. adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 14:24
| #14 |
| | Computer hängt ständig - Trojaner? Ich übergehe jetzt einfach die letzte Antwort und poste einfach still und leise den nächsten Log vom ADW Cleaner Code:
ATTFilter # AdwCleaner v2.008 - Datei am 20/11/2012 um 13:35:55 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Holly - HOLLY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Holly\Documents\Trojaner Forum\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Web Assistant Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\Holly\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\Holly\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.1 (de)
Profilname : default
Datei : C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\prefs.js
C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\cs67qn64.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb165?a=6OyEQrW73a&i=26");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,foxyproxy@eric.h.jung:4.0.2,{336[...]
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10665");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "D2BF7951FBB008229551AA1ADAAAA037");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "e88eeec4000000000000000cf6c5c7f3");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15504");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:39:09");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEQrW73a&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6OyEQrW73a");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92261579514579008");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:39:09");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10665");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "e88eeec4000000000000000cf6c5c7f3");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15504");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEQrW73a&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyEQrW73a");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261579514579008");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:39:09");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEQrW73a&&i=26&search="[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.10.1652.0
Datei : C:\Users\Holly\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [11227 octets] - [20/11/2012 13:36:01]
########## EOF - C:\AdwCleaner[S1].txt - [11288 octets] ##########
Code:
ATTFilter OTL logfile created on: 20.11.2012 14:23:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Documents\Trojaner Forum 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,17% Memory free 6,00 Gb Paging File | 4,05 Gb Available in Paging File | 67,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,41 Gb Total Space | 855,08 Gb Free Space | 93,21% Space Free | Partition Type: NTFS Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 298,09 Gb Total Space | 116,83 Gb Free Space | 39,19% Space Free | Partition Type: NTFS Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Holly\Documents\Trojaner Forum\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (Realtek11nSU) -- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360212sn06973e54z45bh851431s IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE480DE470 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.14 11:45:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.04 19:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\mozilla\Extensions [2012.11.20 13:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\mozilla\Firefox\Profiles\cs67qn64.default\extensions [2012.10.24 15:24:48 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Holly\AppData\Roaming\mozilla\Firefox\Profiles\cs67qn64.default\extensions\foxyproxy@eric.h.jung [2012.06.18 14:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX File not found (No name found) -- C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CS67QN64.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM [2012.11.14 11:45:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.14 11:45:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.14 11:45:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.14 11:45:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.14 11:45:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.14 11:45:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.14 11:45:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Ixquick HTTPS - Deutsch (Enabled) CHR - default_search_provider: search_url = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Angry Birds = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Plants vs Zombies = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Facebook Notifications = C:\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2503033489-3743402571-3487927376-1007..\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{719D0F0D-6238-4220-86B1-A081EFA89FF8}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 23:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012.11.18 23:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012.11.18 23:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012.11.18 21:22:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.15 14:27:59 | 000,000,000 | ---D | C] -- C:\Users\Holly\Documents\Trojaner Forum [2012.11.15 11:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.11.15 11:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.11.15 11:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.11.14 18:16:34 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.14 18:16:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.14 18:10:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.14 18:10:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.14 18:10:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.14 18:10:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.14 18:10:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.14 18:10:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.14 18:10:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.14 18:10:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.14 18:10:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.14 18:10:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.14 18:10:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.14 18:10:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.14 18:10:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.14 18:10:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.14 18:10:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.14 18:09:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.14 18:09:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.14 18:09:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.14 18:09:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.14 13:36:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 13:36:13 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 13:36:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 13:36:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 13:36:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 13:36:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 13:36:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 13:36:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 13:36:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 13:35:50 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 13:35:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.14 11:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.14 11:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.12 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Malwarebytes [2012.11.12 18:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.12 18:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.12 18:33:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.12 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.12 10:37:51 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Apple Computer [2012.11.12 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Apple Computer [2012.11.12 10:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.11.12 10:37:15 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.11.12 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.11.12 10:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.11.12 10:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.11.12 10:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.11.12 10:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.11.12 10:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.11.03 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Avira [2012.11.03 12:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.03 12:52:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.03 12:52:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.03 12:51:59 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.03 12:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.03 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.28 20:29:17 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Daedalic Entertainment [2012.10.28 20:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment [2012.10.28 20:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daedalic Entertainment [2012.10.28 14:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2012.10.28 13:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software [2012.10.21 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\dvdcss [2009.10.29 07:09:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.11.20 14:19:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 14:19:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 14:12:41 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.20 13:56:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 13:56:38 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2012.11.19 00:10:05 | 000,059,413 | ---- | M] () -- C:\Users\Holly\Desktop\5867749_700b.jpg [2012.11.18 21:22:30 | 442,718,460 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.15 12:10:17 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012.11.15 08:07:38 | 000,375,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 18:18:08 | 001,547,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.14 18:18:08 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.14 18:18:08 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.14 18:18:08 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.14 18:18:08 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.14 16:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 16:50:32 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.10 18:46:23 | 000,010,562 | ---- | M] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.07 12:20:33 | 000,002,387 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.03 12:52:18 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk ========== Files Created - No Company Name ========== [2012.11.19 00:09:47 | 000,059,413 | ---- | C] () -- C:\Users\Holly\Desktop\5867749_700b.jpg [2012.11.18 21:22:30 | 442,718,460 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.15 12:07:13 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012.11.14 18:16:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 18:09:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 10:36:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.10 18:46:21 | 000,010,562 | ---- | C] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.03 12:52:18 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.10 12:12:00 | 000,002,088 | ---- | C] () -- C:\Users\Holly\.recently-used.xbel [2012.06.03 17:52:04 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2012.05.02 17:17:45 | 000,000,093 | ---- | C] () -- C:\Users\Holly\AppData\Local\fusioncache.dat [2012.05.02 17:16:24 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.24 09:34:15 | 000,005,120 | ---- | C] () -- C:\Users\Holly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.21 22:33:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.03.08 13:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Devices [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic [2012.03.08 13:05:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.08 13:05:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices [2012.03.04 20:36:58 | 000,013,078 | ---- | C] () -- C:\Windows\wininit.ini [2012.02.27 11:42:38 | 000,000,432 | ---- | C] () -- C:\Users\Holly\AppData\Local\HamsterVideoConverterSettings.cfg [2012.02.04 19:47:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.02.03 15:48:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:AEEC88F6 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E9900C74 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AE289451 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:D453E38B @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:C9BC8592 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:393F7B1E @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D2397415 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A6B07419 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2B9555D8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C9B27A06 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4B244549 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:474022C7 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:04ADB7A6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:03D08225 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:751D6870 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3591DDB @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:D4558A0B @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:30E0D641 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:47A24D4B @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E5F8E280 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DCA79AB3 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:27F44544 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3C0887BF @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:73B78E79 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AC0528D9 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FECEF728 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B07E6F4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5BA9ADD @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:99C301D0 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35629AE6 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:063969F8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:15752405 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:3766E957 < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 14:23:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Documents\Trojaner Forum
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,17% Memory free
6,00 Gb Paging File | 4,05 Gb Available in Paging File | 67,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,41 Gb Total Space | 855,08 Gb Free Space | 93,21% Space Free | Partition Type: NTFS
Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 298,09 Gb Total Space | 116,83 Gb Free Space | 39,19% Space Free | Partition Type: NTFS
Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3DBFDA-0444-44C9-8B9D-868BD1248003}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BD6999D-B982-49F7-9D40-D523356D4977}" = lport=137 | protocol=17 | dir=in | app=system |
"{0FDE3E21-5A5D-4664-B55E-C02E3245490B}" = rport=139 | protocol=6 | dir=out | app=system |
"{11997C98-C340-48B6-9A3B-95FC6778084E}" = rport=138 | protocol=17 | dir=out | app=system |
"{11CC0787-B9E1-4723-9AF0-870F3BEA6588}" = lport=2869 | protocol=6 | dir=in | app=system |
"{177C2D56-F32F-46E4-BFF9-5F50113D5198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2443997D-39EB-4C0D-AE90-4F7DF9F7990E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{2EB8885B-0410-4355-9BC0-2BF8DEAA62FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B46EB79-12FE-4F2A-91D8-3B149994835A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4BB960F0-6B01-45B1-A716-BEE68BAD3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CFE1AD3-67F3-45E7-81DD-1CA4C1CA4936}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52A9CB31-C4A4-4CC9-8DD4-B3DE236C4019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63581111-8B58-4C9A-BA59-F86DBB601E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{657BCB93-69B9-48C0-B9A9-42A49ADD4415}" = lport=139 | protocol=6 | dir=in | app=system |
"{679119ED-D2D2-4FB2-B3F1-A31476781673}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6D12D772-BD53-4045-8E48-E39570D14F04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E12649F-5607-477D-8747-6621D0405200}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71569EF8-594D-4020-95F3-D064090741EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EAD29FA-CA7F-431B-B50B-A6B516C9433A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87497B38-C438-4249-B179-97C59AB69FBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DD2D3EA-778A-426E-A9E8-9A22A5CF372C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FDDB1D6-461C-46B0-8C34-B2699F7ADBB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{915E6490-678A-4ACD-89F3-C13A4BCD39D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{946E212C-1B4F-4B8C-AE76-D411DD593AF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{949872DA-F687-4181-ACE6-3F81E01C224D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A1DEB659-B539-406B-AE65-6CD230FD88D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9D4CC51-793C-49BE-AE5B-20AF3A56D9C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF0F5924-2F10-4C4A-9320-EA17901AD405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C476D948-34AE-4DCE-B7D2-AC20F3CA0C87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CD6CB58C-96A4-42DE-BBEA-FE54F8BFED52}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{D334148B-FBCD-47A5-ACF8-D8979234F260}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D9327A3D-1C46-4BE8-90F6-F8782ED364E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF27A6DB-4ADB-4DBB-95CE-81E68F5E1D5A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{F3551E64-4756-4AC5-A0E0-7D014B345E90}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA621F5F-0A65-4034-889D-C060C4FCCA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD5FDB4C-F692-4085-B645-275F800FF387}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036F2CA4-2152-4989-BBED-E6A71149B7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05D5DC64-8D43-4037-8C92-5125BC52FE43}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe |
"{087BD802-3F91-492E-8AAF-8B4104C34E2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{095BB923-7F87-450D-A34E-5D8D61D4970F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D0F5963-11CD-4F70-832D-077A9C989F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe |
"{0DC585B8-1B3C-4C42-AC9C-462C1EA125E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{0F2B777B-EA02-462B-A84D-7BA6A26B944B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14DACBCA-B089-487B-9833-A7FAF10BF737}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{174D1878-96A8-4938-B4BB-225B4F3878E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1BD3F9CD-C4A6-4F82-9DAF-631810AC0834}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{1BFD5554-F7C7-47B4-BEDA-6F8ABCA01449}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{1CB598E7-6FD9-4E5E-8051-648E2AF46AB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1F673594-66FE-4D29-9142-9627423CD599}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{26FF9933-6442-41AA-AC5A-39FC5D2AD34E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{2848522C-EB25-40A3-9084-9450D35D08BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28D25042-1B5C-4B90-8B71-D6490ABFAB11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29114D44-D833-47FF-B2F4-9B8202A38D92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29F29B48-8BED-44FF-BB34-8C77117AA009}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2AAD3FE4-2835-4C08-9D90-ABDEC137CFDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2E17A58E-6B54-45C5-9149-D9FA845D4FCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30EDE398-7FEE-4660-979F-ED93BE7CDF11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32988AB2-3B18-4BC8-B964-332DC0A9D059}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33D9063D-F11C-4AFF-8903-A50206398254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{395F3F72-E463-4398-A9F3-5AFABB30831D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3CC14A62-1A19-479D-A397-2B458E941397}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CE9000E-7793-47C5-AB09-C2D3515D9D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{603B2745-FD5A-41BE-8E76-2B9A8232CD01}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6746F7A3-D622-4931-AD1E-DB4C7A512751}" = protocol=6 | dir=out | app=system |
"{68FB0663-63FF-4007-8B5A-5E2129C0C2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{6CAC2253-50EF-4F88-A91A-8EEB2EAEAAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{708E6793-9FD2-4047-8F2C-376403C04918}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{71CC7D71-0D9C-4701-8E89-A1E6DD74C1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75257F08-58F6-4F48-AE15-22ADB9462D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{756CA6A3-ABD0-4B0E-86AB-D6EFC0E89987}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7B76BC88-4840-4F4F-A933-5FB63C0C4C7A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{8A999F48-5462-48EF-B625-A81F58DD4B52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8B0B8143-50E1-42F6-B5D8-513524538DF8}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9194BEC6-7FFA-4B29-9846-8F6DC81D43D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9276E005-8DDD-4FA4-A9BC-E2CB992BB644}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{93C9662B-BC7E-491C-AE1E-1520F91E9440}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B7B881F-23B7-4699-96F1-4AE7380520DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9BD60B84-9CF7-4184-8587-C4D2D7FBB8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9CFE09D1-832A-4293-AEC6-358B718BDD87}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9F020372-1CED-4EB7-806D-E4F2BB2677CB}" = protocol=17 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe |
"{A52AA55E-5675-47CE-95AF-BDC92A2BBC18}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B462FCE4-2F06-47F6-BF91-75A5734D6B3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B62A4A38-5743-4675-9D92-32E1FA32EA06}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BD9BC4C4-25A9-4C30-AAFB-B0F287A04DA6}" = protocol=6 | dir=in | app=c:\users\holly\appdata\local\temp\ins17b6\setup\bin\maininst.exe |
"{C708378F-FA00-4EC6-B295-788FCC2703E1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CC61D8B8-2F46-47C6-A5ED-65DB53FF7B64}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CCB23B3A-19F6-48E3-808E-0454A8E88364}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D0631B2B-46D9-4297-9A05-08CED0BC26BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D83DD9DB-C701-4F2D-A68E-806851534F97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{D969251B-133B-4993-A64F-B46C8446C1F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9D525DA-261F-4361-9D2E-9BF65D7D45A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9E4FB79-F32E-4E9F-A820-8B8FBD4A90D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA235B6D-0F78-4645-9AEB-88E9A2370345}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA5F27CC-67DB-446B-A719-A668484CF461}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{DD8A503F-3380-4520-861D-433A4A2643C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E116897C-CFBE-4629-A251-1EDE56FA825D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E290888F-989C-497B-9EE7-73B982226B12}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F3F96D9F-ED9F-4F6C-B086-DFB5C86CE811}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F42B01A9-ACE3-4793-8388-5294BE17ED36}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{6B0A90A5-347F-4C09-80E7-05BB4E8775F5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{37C07ED4-7D4B-4201-8E8B-C41303997472}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A7096369-9332-466C-8357-08770CDCE277}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{092D4427-C1D9-43C0-B1BB-C8BCFE67D5C0}" = Windows Tweaker 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC4C262-FE40-433D-A8B4-CC3EE18032CE}_is1" = Fallen City version 1.0
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 300N X2 USB Wireless LAN Driver and Utility
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}" = Nero 9 Essentials
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"eMachines Drivers Update Utility_is1" = eMachines Drivers Update Utility
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Harvey" = Harveys Neue Augen Demo
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 12.10.1652" = Opera 12.10
"Samsung ML-2950 Series" = Samsung ML-2950 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RadarSync PC Updater 2011" = RadarSync PC Updater 2011 (driver updates & patches)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.11.2012 13:43:44 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 05.11.2012 13:43:44 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2012 08:14:36 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 07.11.2012 08:15:36 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 07.11.2012 08:16:00 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2012 08:16:00 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2012 08:16:00 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2012 08:16:00 | Computer Name = Holly-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2012 09:18:18 | Computer Name = Holly-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (296) SUS20ClientDataStore: Der Versionsspeicher für Instanz
0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde
Transaktion: Sitzungs-ID: 0x00000000014A04A0 Sitzungskontext: 0x00000000 Thread-ID
des Sitzungskontextes: 0x0000000000000E1C Cleanup: 1
Error - 07.11.2012 09:18:35 | Computer Name = Holly-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (296) SUS20ClientDataStore: Der Versionsspeicher für Instanz
0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange
andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn.
Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein
vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde
Transaktion: Sitzungs-ID: 0x00000000014A04A0 Sitzungskontext: 0x00000000 Thread-ID
des Sitzungskontextes: 0x0000000000000E1C Cleanup: 1
[ System Events ]
Error - 28.07.2012 14:26:14 | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =
Error - 28.07.2012 14:26:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Software Protection erreicht.
Error - 28.07.2012 14:26:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 28.07.2012 14:30:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 28.07.2012 14:32:42 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 28.07.2012 19:23:30 | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =
Error - 30.07.2012 19:01:33 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst FontCache3.0.0.0 erreicht.
Error - 31.07.2012 03:12:34 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
< End of report >
|
|
20.11.2012, 14:45
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt ständig - Trojaner? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Computer hängt ständig - Trojaner? |
| 7-zip, antivir, application/pdf:, avira, bho, bildschirm, bonjour, computer, downloader, error, excel, fehler, firefox, flash player, fontcache, helper, home, hängt, infizierte dateien, install.exe, installmanager.exe, logfile, nvidia update, office 2007, plug-in, problem, realtek, registry, richtlinie, scan, security, software, svchost.exe, tracker, trojaner, usb |
