| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: EXP/CVE-2010-4452.BG + Email gehackt? Was tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.06.2012, 13:19
| #1 |
 |  EXP/CVE-2010-4452.BG + Email gehackt? Was tun? Guten Tag, gestern habe ich bemerkt, dass eine Werbe-Email von meiner Emailadresse aus an alle meine Kontakte geschickt wurde und habe deshalb das Passwort geändert. Das hat mich auch dazu veranlasst, einen Virenscan durchzuführen . Hier das AV-Log: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012 00:23
Es wird nach 3837524 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : VuN
Computername : VUN-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 19:41:56
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 19:41:56
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 19:41:56
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 19:41:56
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 19:41:45
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:21:14
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:21:22
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 19:41:41
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 19:41:41
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 19:41:41
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 19:41:41
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 19:41:41
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 19:41:41
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 19:41:41
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 19:41:41
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 19:41:41
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 20:28:19
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 20:28:23
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 11:04:51
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 16:11:46
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 18:49:13
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 18:49:08
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 19:13:02
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 19:11:14
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 19:11:21
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 19:11:32
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 19:11:34
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 20:53:33
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 23:14:04
VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 23:14:04
VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 23:14:04
VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 23:14:04
VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 23:14:04
VBASE031.VDF : 7.11.33.6 2048 Bytes 14.06.2012 23:14:04
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 19:11:12
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 14.06.2012 23:14:12
AESCN.DLL : 8.1.8.2 131444 Bytes 22.04.2012 18:21:30
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 23:14:12
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 8.2.16.18 807287 Bytes 14.06.2012 23:14:12
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 14.06.2012 23:14:11
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 14.06.2012 23:14:10
AEHELP.DLL : 8.1.21.0 254326 Bytes 10.05.2012 19:41:42
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 23:14:05
AEEXP.DLL : 8.1.0.52 82293 Bytes 14.06.2012 23:14:12
AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 06:55:34
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 19:13:06
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 19:41:55
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 19:41:56
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 19:41:56
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 19:41:55
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 19:41:56
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 19:41:56
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 19:41:56
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 19:41:56
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 19:41:55
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 19:41:55
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 16. Juni 2012 00:23
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSX.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'wn111.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrS64H.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Windows\Sysnative\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '2622' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\androidsdk\platforms\android-10\images\system.img
[WARNUNG] Der Archivheader ist defekt
C:\androidsdk\platforms\android-12\images\system.img
[WARNUNG] Der Archivheader ist defekt
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
[0] Archivtyp: ZIP
--> Java.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
C:\Users\VuN\Desktop\I9000XWJW5%20-%20DBT.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\VuN\Music\Imogen Heap\Imogen Heap - Speeding Cars.rar
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 20.zip
[WARNUNG] Unerwartetes Ende beim Lesen eines Blocks
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 4.zip
[WARNUNG] Unerwartetes Ende beim Lesen eines Blocks
Beginne mit der Desinfektion:
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5572f467.qua' verschoben!
Ende des Suchlaufs: Samstag, 16. Juni 2012 11:49
Benötigte Zeit: 1:45:27 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
43990 Verzeichnisse wurden überprüft
979006 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
979004 Dateien ohne Befall
7892 Archive wurden durchsucht
12 Warnungen
2 Hinweise
653490 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Ein Malwarebytes Log nach dem AV-Scan: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 VuN :: VUN-PC [Administrator] Schutz: Deaktiviert 16.06.2012 11:53:48 mbam-log-2012-06-16 (11-53-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 476455 Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 16.06.2012 13:54:07 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\VuN\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe PRC - [2012.05.08 21:41:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe ========== Modules (No Company Name) ========== MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64) SRV - [2012.06.15 01:46:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.03 17:33:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.14 13:09:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x) DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv) DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64) DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "64.85.181.46" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "64.85.181.46" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.http: "64.85.181.46" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "64.85.181.46" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "64.85.181.46" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.08 18:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M] [2010.12.02 20:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions [2012.05.19 01:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\tzmkfnv0.default\extensions [2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\askcom.xml [2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\youtube.xml [2012.03.18 01:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.04.13 13:41:29 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012.01.06 13:46:23 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.19 01:07:39 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.05.03 17:33:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 13:36:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe [2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012 [2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia [2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 [2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 [2012.05.20 19:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Tuner [2012.05.20 19:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuned [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 13:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.16 13:47:37 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 13:47:36 | 002,031,392 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable [2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.16 13:37:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe [2012.06.16 13:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 14:19:16 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 14:19:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 14:19:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 14:19:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 14:19:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2012.05.20 20:25:54 | 000,364,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (12).wma [2012.05.20 20:21:28 | 000,808,683 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (11).wma [2012.05.20 20:08:58 | 000,534,793 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (10).wma [2012.05.20 20:01:26 | 000,813,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (2).wma [2012.05.20 19:10:38 | 000,001,120 | ---- | M] () -- C:\Users\VuN\ia_remove.sh [2012.05.17 20:39:47 | 000,249,516 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 804.png [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable [2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2012.05.20 20:25:54 | 000,364,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (12).wma [2012.05.20 20:21:28 | 000,808,683 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (11).wma [2012.05.20 20:08:58 | 000,534,793 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (10).wma [2012.05.20 20:01:25 | 000,813,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (2).wma [2012.05.20 19:10:38 | 000,001,120 | ---- | C] () -- C:\Users\VuN\ia_remove.sh [2012.05.17 20:39:31 | 000,249,516 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 804.png [2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini [2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat ========== LOP Check ========== [2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft [2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP [2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity [2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP [2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard [2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid [2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite [2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development [2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener [2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox [2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire [2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit [2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla [2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0 [2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games [2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ [2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView [2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC [2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios [2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient [2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam [2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag [2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher [2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org [2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera [2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung [2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer [2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian [2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2 [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client [2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software [2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle [2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1 [2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax [2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE [2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView [2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135816FA-C601-4C70-BAB7-8EE5D5768023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A0D5BA6-F8A4-4284-9404-84EFC137E966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C4A3E53-9784-430C-81EC-6DF70C9C3063}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D705481-46F3-4EA4-B4E5-AB69811296CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FA7B0E7-19B0-4A13-B3F0-29F5B944E6C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{205D6A4D-DC75-4F8D-848A-CD4C2A3209E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{207FF0ED-E175-4332-921D-8EFE74D447A4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{29595982-E4C8-40AB-B858-700141011539}" = lport=137 | protocol=17 | dir=in | app=system |
"{371E43A2-C5EE-4490-ACB7-963CDA3F4960}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher |
"{3B468C96-820C-48D8-9380-5D335091FF8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7D34BE-8938-4A09-90CC-B06E358D42ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FDC5E30-3F1D-4AB2-A140-1EC21662B686}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D13F98F-F948-4C82-A69E-30DCB39DE22B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{4E227041-096D-473C-82F5-A65EEF1B1FB2}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{4ECB70DA-5D22-4AAD-9434-73A00BCD7E74}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher |
"{5A4B8C64-D93D-47C0-A496-25F6916347B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6250864A-0031-46C3-A326-02AFE2EC8C04}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DD680B3-5FC2-490A-884E-F8705E8E2772}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{704418F3-5B7A-4BDA-AAD4-46773B8D953E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74D498E8-1AAF-4A2B-B5F9-B2B0B2C9D51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97DA7D57-B648-435D-BCDD-2B6B30358901}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B4026AF-308E-4FAC-9875-DF19E8835853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7619A2E-CA78-4A45-A25A-D95F2C6EE989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEC8C7FF-4C8C-41CC-9A14-73238FC78333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7F80F6-92C8-455E-B2A3-91D796B0E77A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C5C25498-BB44-451F-91AA-BAC481905F7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA7327B0-875B-4CBD-9FDE-6E7D6C7ECEE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{D29756D9-52DB-4959-9423-479B65DF373B}" = lport=4495 | protocol=6 | dir=in | name=net monitor for employees configuration |
"{D326070F-A57B-42E2-889B-6D07C6D3F988}" = rport=137 | protocol=17 | dir=out | app=system |
"{D88545B4-8F7B-470E-968F-2CA1C23E66AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D9EF043B-C8AC-4752-AACF-F3273340FBDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F285AAD6-CD38-4D39-A80A-C35345CED91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FB732DA6-3AE9-4D37-B18F-8DD32F0FFED1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF219F88-1859-4324-933A-BABE0C0475B2}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A9C88-07D2-485E-BADC-AC7D3B780DD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06054B65-263C-4FC7-9E00-A9FE44252358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09D877CB-4796-48D2-8B12-042E83729373}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{119D9CF6-5168-4657-9197-E5CE4736800E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A6BAAEA-603E-43A3-9AB6-D217A9F2305A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C0081D3-126D-4DD0-913B-5E5E153C99DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1CAB0875-6211-4AE4-AFF6-C4862D324B29}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{232E82DA-F6AD-47DA-BBCA-7D2598EA9802}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2F8F8712-0E08-4CE5-93CA-C8711221FEBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31B9F738-7A0A-4CCF-AFE6-113674AFCD0D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31C8A650-D148-4622-AA85-DC1172DED484}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{357791B5-D1BE-41B6-AC90-A16408FDF08F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B8B6566-1DC1-4EC4-9AC5-2CCA955A4502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4018DE97-16DF-406C-A989-0B428F11E6B0}" = protocol=6 | dir=out | app=system |
"{42EA7D0B-BE99-4E1D-BCB2-4978E5EACC8B}" = protocol=6 | dir=in | app=e:\games\rayman origins\rayman origins.exe |
"{4CE70D5C-D945-4F99-905F-E2760ECF22B9}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{575BEAD5-BC6B-4D69-950A-5B2A8A12DFEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6005C0E0-D3D2-4F15-94E0-FC03CFF5F6AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{664F7CAC-2943-41AE-ACA0-148807AB38E9}" = protocol=6 | dir=in | app=e:\games\rayman origins\gu.exe |
"{6762DA49-7EFE-453D-B10F-A35349FF2AF2}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{6D1FDBA3-328D-4B96-ADAB-112580D0E05D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{76288942-8814-451B-903A-3E58E0288B41}" = protocol=6 | dir=in | app=e:\program files (x86)\opera\opera.exe |
"{78A85FCF-3317-43DB-91FB-A0DDF144A3E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E7997F9-0C4C-4D87-88BA-F205F7503625}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{83138879-0C1C-4E62-8B75-73CA34185883}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{83D723DE-6A92-49E2-BF7B-E1849FEA83F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8B82C53B-8BE0-43C7-A8A3-B52A08F0540F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9413AA04-31B6-47D0-B2C4-B7B823EA2220}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{969E7223-2346-4C47-BF00-E821AA727516}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A4783BE5-B950-4A89-B82E-6F824C74C886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB5A5199-A001-4C17-BF57-277F046EEC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B6658E43-FE77-4A58-BB88-6530A6286779}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7D101E3-0D0A-427E-A345-449137F20E03}" = protocol=17 | dir=in | app=e:\games\rayman origins\rayman origins.exe |
"{C05758F3-1D62-4182-AD10-E5741D8FD954}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5CE8B2B-E81B-40B6-8A1E-BEEC1BB12EBE}" = protocol=17 | dir=in | app=e:\program files (x86)\opera\opera.exe |
"{C80A5E28-74DF-44AF-A116-62374AA840AC}" = protocol=17 | dir=in | app=e:\games\rayman origins\gu.exe |
"{D833D58F-115A-4468-9B8F-BA7F437097F0}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{E879E2E2-E3B9-40E2-8C4E-E3E936BDC185}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{E8A1E8DE-8FCA-41FE-B739-15A7152E820F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB85073C-6DAA-41B9-BDE4-B38EE93FC266}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC31520F-2B8A-4855-AC3B-D27EC012A04B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{ECEE5E1C-2207-4678-97A1-28CC9A42537D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{050BC08D-77B8-4872-BA41-28A7CC169C43}E:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{4A27BC9C-DF3C-4076-A13F-BA7026E6986C}G:\david\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe |
"TCP Query User{5218527F-F8CB-4017-AE3A-C57F53B37654}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe |
"TCP Query User{72447530-DE3A-4684-8702-4B84B6E213F6}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe |
"TCP Query User{7D4055E3-6EC8-41E2-8D48-A27AED180DF4}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{83E743ED-13D0-4C87-91A1-564018E9D3BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{907A20FF-E9F9-4659-A553-91D2EECE7B0C}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{9A91632B-0368-4166-97EB-626E505F4D26}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{AFC38F18-AAAE-4970-8821-A3812BDA61A8}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe |
"TCP Query User{CA4B37F0-A0E5-483A-B7FF-18841FCDDD8D}E:\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\srcds.exe |
"TCP Query User{D0254337-EC51-413B-8E59-159D8495EED7}E:\games\mw2\iw4mp.dat" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.dat |
"TCP Query User{ECF77B2C-6383-4701-BC19-99FA4C381043}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{F2F1015D-C694-4D7D-9616-B56BBF975E9B}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{2070C189-46B0-4D92-9DBA-2D48AD082A86}E:\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\srcds.exe |
"UDP Query User{2FF0BD35-42D3-4ACF-A4AE-0FDD654E01B5}E:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{489C661E-7508-47FC-BD84-8428614ED624}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{79C4ABEF-AE70-47AE-98B9-4338597755EE}G:\david\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe |
"UDP Query User{84198B8B-4E0E-4ECA-BC61-75E9593E6176}E:\games\mw2\iw4mp.dat" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.dat |
"UDP Query User{846138DD-7041-475B-ACC0-C648FB5F4E57}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{99F01905-4920-4E80-865A-30541D000520}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe |
"UDP Query User{ADE3C6C8-2BE8-41F2-9A63-999D202E221B}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{CB9A66EF-9982-41BB-9701-B13F7AFC800A}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"UDP Query User{D4E2088F-8256-4F18-958B-FC77DE967975}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{EAC08568-6CE1-4C6D-9890-4AB930FD773A}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{ED37E1BF-CEED-4963-AF98-1968A2A80153}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F7821A52-7EB5-4D48-8456-221F578304E4}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DF54E1D5-B4A3-4F94-B018-75529AB97682}" = O&O Defrag Professional
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP2" = AIMP2
"AMP WinOFF" = AMP WinOFF
"AP Tuner 3.08" = AP Tuner 3.08
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Dungeon Defenders_is1" = Dungeon Defenders
"EarMaster School 5_is1" = EarMaster School 5
"gedit_is1" = gedit 2.30.1
"Hamachi" = Hamachi 1.0.1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.4 (Standard)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"ManyCam" = ManyCam 2.6.60 (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"QcDrv" = Logitech® Camera-Treiber
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 570" = Dota 2
"Tuned!" = Tuned!
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.3.0b
"XnView_is1" = XnView 1.98.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.06.2012 08:14:23 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 13.06.2012 08:21:59 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x0016b4ac ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung:
0x01cd494c9399f081 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
5f5d2e38-b552-11e1-869a-002354c0ca07
Error - 13.06.2012 19:31:45 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f920759 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x6da59903 ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung:
0x01cd49aefd92598d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
f005a920-b5af-11e1-9b35-002354c0ca07
Error - 14.06.2012 19:47:41 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: MSVCR80.dll,
Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc000000d Fehleroffset:
0x00014ba1 ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung:
0x01cd4a87f1a8eb66 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
53c989bd-b67b-11e1-9d77-002354c0ca07
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12310
Description =
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12298
Description =
[ System Events ]
Error - 11.06.2012 14:40:17 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 12.06.2012 05:37:54 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 12.06.2012 16:49:22 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 13.06.2012 06:06:18 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 13.06.2012 17:41:52 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 13.06.2012 19:41:46 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 14.06.2012 08:05:38 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 14.06.2012 19:09:58 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2012 16:44:12 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 16.06.2012 07:48:02 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
Vielen Dank im Voraus , boreal99 :-) |
| Themen zu EXP/CVE-2010-4452.BG + Email gehackt? Was tun? |
| 7-zip, bho, dateisystem, desktop, device driver, email, email gehackt, error, exp/cve-2010-4452.bg, fehler, flash player, google, helper.exe, heuristiks/extra, heuristiks/shuriken, hijack, hijackthis, jdownloader, langs, league of legends, logfile, mozilla, mp3, msvcr80.dll, netgear, nt.dll, nvidia update, plug-in, programm, realtek, registry, scan, searchscopes, security, software, svchost.exe, teamspeak, usb, usb 2.0, verweise, vista, warnung, windows |
Baum-Darstellung