Opened a link in an email! Caught a virus or trojan?

Hello,

I stupidly clicked the link contained in an email that only appeared to have been sent by an acquaintance. Looking for a possible virus or trojan etc., I then started the Avira scan and ran CCleaner. Then, luckily, I discovered this site and tried to follow the procedure exactly. First I ran the scan with Malwarebytes Anti-Malware. Defogger did not produce any error message. The Avira scan hung in the meantime and I could only close the report by restarting the computer (I don't know whether that is relevant?). And then another scan with OTL and Gmer. I hope I've listed everything correctly below.

Many thanks in advance for the great guide and for taking the trouble to look at the data!

Regards, Timo

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
T-Moe :: T-MOE-PC [Administrator]

Schutz: Aktiviert

21.06.2012 10:13:11
mbam-log-2012-06-21 (10-13-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185630
Laufzeit: 13 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\T-Moe\Downloads\SoftonicDownloader_fuer_hdd-regenerator.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

OTL logfile created on: 21.06.2012 13:14:09 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\T-Moe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 66,15% Memory free
3,74 Gb Paging File | 2,95 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 30,74 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 66,09 Gb Free Space | 94,42% Space Free | Partition Type: NTFS

Computer Name: T-MOE-PC | User Name: T-Moe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.21 12:39:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\T-Moe\Downloads\OTL.exe
PRC - [2012.05.08 21:14:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:14:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:14:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:14:24 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010.05.07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 00:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.10.05 18:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2010.11.12 10:23:44 | 000,330,584 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010.05.07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.05.07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2007.01.19 00:54:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.18 19:35:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:14:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:14:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.05 18:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 21:14:25 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:14:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010.11.10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.06.23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.01.19 01:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.28 21:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{69E99061-EEE3-4C45-B930-DA3B35A04493}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 00 DF BE BF B4 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{69E99061-EEE3-4C45-B930-DA3B35A04493}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 21:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.16 20:32:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 21:45:40 | 000,000,000 | ---D | M]

[2011.06.13 20:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Extensions
[2011.06.13 20:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 22:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions
[2010.05.24 22:07:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.21 22:03:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.16 15:45:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\firefox@tvunetworks.com
[2011.06.14 19:45:42 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\mail@gutscheinrausch.de
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\T-Moe\AppData\Roaming\Mozilla\Firefox\Profiles\akwe5l4t.default\searchplugins\startsear.xml
[2012.04.29 09:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 21:20:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.06 19:50:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\T-MOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AKWE5L4T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.18 19:35:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2009.12.17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.18 19:35:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 19:35:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 19:35:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 19:35:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 19:35:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 19:35:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\T-Moe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\T-Moe\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\T-Moe\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B60F6C5-DDED-4F26-81A8-8721D4A7C608}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{949A217C-6E3A-4E40-9320-0D5218540EB1}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 10:10:33 | 000,000,000 | ---D | C] -- C:\Users\T-Moe\AppData\Roaming\Malwarebytes
[2012.06.21 10:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 10:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.21 10:10:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.21 10:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.16 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.16 21:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.12 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\T-Moe\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012.06.21 13:14:24 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 13:14:24 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 13:14:24 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.21 13:14:24 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 13:09:51 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:09:51 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:09:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 13:09:23 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 12:37:44 | 000,000,000 | ---- | M] () -- C:\Users\T-Moe\defogger_reenable
[2012.06.14 18:43:39 | 000,008,838 | ---- | M] () -- C:\Users\T-Moe\Downloads\Documents\Eastpak.jpg
[2012.06.14 18:43:39 | 000,002,099 | ---- | M] () -- C:\Users\T-Moe\.recently-used.xbel
[2012.06.08 21:58:48 | 000,063,489 | ---- | M] () -- C:\Users\T-Moe\Ueberweisung_EASTPAK.jpg

========== Files Created - No Company Name ==========

[2012.06.21 12:37:44 | 000,000,000 | ---- | C] () -- C:\Users\T-Moe\defogger_reenable
[2012.06.14 18:43:39 | 000,008,838 | ---- | C] () -- C:\Users\T-Moe\Downloads\Documents\Eastpak.jpg
[2012.06.14 18:43:39 | 000,002,099 | ---- | C] () -- C:\Users\T-Moe\.recently-used.xbel
[2012.06.08 21:58:48 | 000,063,489 | ---- | C] () -- C:\Users\T-Moe\Ueberweisung_EASTPAK.jpg
[2011.06.14 21:06:52 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.03.03 21:15:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2011.12.26 15:43:54 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Amazon
[2011.12.05 22:34:40 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Canneverbe Limited
[2011.08.08 18:24:18 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Canon
[2011.06.14 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Carambis
[2012.04.12 09:48:15 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\DVDVideoSoft
[2011.07.21 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.14 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\gtk-2.0
[2011.08.18 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\HTC
[2011.06.30 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.02.02 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Leadertech
[2012.05.10 21:45:10 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\MyPhoneExplorer
[2011.06.14 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\OpenCandy
[2011.03.05 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\OpenOffice.org
[2010.02.23 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\PPLive
[2011.12.04 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\SaalDesignSoftware
[2011.06.13 20:42:02 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Thunderbird
[2012.06.21 13:08:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >

OTL Extras logfile created on: 21.06.2012 13:14:09 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\T-Moe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 66,15% Memory free
3,74 Gb Paging File | 2,95 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 30,74 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 66,09 Gb Free Space | 94,42% Space Free | Partition Type: NTFS

Computer Name: T-MOE-PC | User Name: T-Moe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] 
"AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1480FC06-7152-483A-8103-567230542AD5}" = rport=137 | protocol=17 | dir=out | app=system | "{19B93BF8-3EBB-43C1-984E-A189DB0B488D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1D39F558-516F-4010-8C40-AF9EEBFF3242}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2101B968-56CD-4341-96AE-DA064E5E146C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{21E5B1A3-2CA3-492B-BDDC-7F848D6F5A04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3DC7AAE8-C39B-482C-A730-E9D95FAE5709}" = lport=137 | protocol=17 | dir=in | app=system | "{60F3093E-6932-468F-A86E-B442F2EEC031}" = lport=139 | protocol=6 | dir=in | app=system | "{7542F794-8651-47C0-9079-58B5464AFF0C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{845B48A1-1ABA-4809-9B51-E94690F2729C}" = rport=138 | protocol=17 | dir=out | app=system 
| "{94489BFE-5EF3-4E82-8169-460177122A9D}" = lport=138 | protocol=17 | dir=in | app=system | "{9719598F-A10E-4027-A3B9-0CD44A7A80C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99231335-ACC2-4A4D-A3E1-4BFD5D634EAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99762776-6C27-4CC2-B9BC-FD2A6F3DA83A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9D8287E3-C663-4ABC-A51C-3EC954E327E7}" = rport=445 | protocol=6 | dir=out | app=system | "{CFC7C055-AE0E-4DAD-9D19-E87831B3C14E}" = rport=139 | protocol=6 | dir=out | app=system | "{E5DEFEEB-8BD0-4650-A7BB-B3369FD90B19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8B6DA68-624E-449C-B5C5-1271F69DE052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F5D2A2C2-A79C-4E5B-84CF-0355986D5E80}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E68451-203A-4A0E-BC6B-9A6D6D12B3DD}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | "{08D3F25C-28C9-4BB3-BB8B-A908970D3F14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{11FD20CA-8C2A-4E96-B94D-E8C38F05D3A2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | "{231D3A8B-85DB-422E-A304-75E6378E0EDB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | "{23EC23C5-14EF-475C-8858-63112C66934E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | "{4D56C0FB-EEFC-40F3-B494-E3050A15A61E}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | "{62369748-6710-485F-A63B-391A3F568010}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{6AB48B55-F861-4E93-95E4-1A24CCB64899}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | "{70FB9DEC-A5D3-45F3-8082-E4C09B54CCDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8812876A-FC04-47A8-8861-B5BB452591CE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | "{8C5D1F1E-80DB-4408-A380-7D28C51C4E50}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C7831D3A-6D08-49CA-BD3C-959137CFF400}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E802ACB0-15B9-4832-91B2-410C10798DEF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe | "{F0CE3396-B292-4E1D-8851-5E46E443FD2C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | "{F2D2B9CF-7B6D-42C2-9D32-665DE279E9AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe | "{F995374D-F184-48C8-89D6-C7842BDBF3FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{1ABB0F20-CECE-423D-8FB5-9B0D26E45D49}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "TCP Query User{24E0F7F0-C267-42C6-8DAA-5CBF003CA282}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{2D92CB11-E147-41BB-9001-28672C1939CB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{42E99144-43C7-4951-857A-00A5BB216946}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{4BEB9048-0FAF-4C5C-819F-FCABB74080D3}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "TCP Query 
User{9FEF64D0-26AB-42D7-B808-348F0C8E1778}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{BCFBAD2F-94EF-4B5A-936A-733CDC76245E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{DF4F5794-6D81-4C68-BC6B-1D990E081245}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{2B43CB79-41F2-426A-82C7-85781F6AF6E1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{32958024-EB98-47F4-8E63-5662C2734E67}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "UDP Query User{387DFA3C-A0FA-4452-A182-0FE685167D4C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{54358DCC-35DF-44B0-9880-9FC79BE139EA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{59E97F48-CFAA-4380-B293-183883F72816}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{60A20EF0-AD90-46AB-AEE3-B8FFACDABE91}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "UDP Query User{D8E0BE9A-7287-47F3-B493-3A8AF052878D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{F63E7731-51C1-4A96-8966-486C4A95695D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D7F9432D-33F7-BA1D-D379-B5EDB0271BC5}" = Saal Design Software "{DD8D87E5-C372-462F-B168-94612B1D9451}" = HTC Sync "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "DPP" = Canon Utilities Digital Photo Professional 3.8 "EOS Utility" = Canon Utilities EOS Utility "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.11.718 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403 "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 
1.61.0.1400 "maxdome - Online Videothek" = maxdome - Online Videothek "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "OnlineFotoservice" = OnlineFotoservice "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PartyPoker" = PartyPoker "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "PPLive" = PPLive 1.9 "SaalDesignSoftware" = Saal Design Software "SopCast" = SopCast 3.2.8 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.11 "vShare.tv plugin" = vShare.tv plugin 1.3 "WFTK" = Canon Utilities WFT Utility "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "xp-AntiSpy" = xp-AntiSpy 3.97-2 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2012 15:35:53 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:54 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:54 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:55 | Computer Name = T-Moe-PC | Source = 
Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:55 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:56 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 08.04.2012 15:35:56 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 18.06.2012 15:35:58 | Computer Name = T-Moe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_257.exe, Version 11.3.300.257, Zeitstempel 0x4fc82063, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x083079c3, Prozess-ID 0x9f8, Anwendungsstartzeit 01cd4d8853b785a9. Error - 21.06.2012 04:04:48 | Computer Name = T-Moe-PC | Source = VSS | ID = 12310 Description = Error - 21.06.2012 04:04:48 | Computer Name = T-Moe-PC | Source = VSS | ID = 12298 Description = Error - 21.06.2012 05:40:35 | Computer Name = T-Moe-PC | Source = VSS | ID = 12289 Description = [ System Events ] Error - 20.06.2012 12:25:19 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.06.2012 12:25:19 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.06.2012 15:23:56 | Computer Name = T-Moe-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 001B9E427E89 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 20.06.2012 15:25:26 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.06.2012 15:25:26 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001 Description = Error - 21.06.2012 03:40:53 | Computer Name = T-Moe-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse 001B9E427E89 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 21.06.2012 03:42:18 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.06.2012 03:42:18 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001 Description = Error - 21.06.2012 07:11:07 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.06.2012 07:11:07 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-21 14:54:15 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P Running: n6onxinc.exe; Driver: C:\Users\T-Moe\AppData\Local\Temp\ugloipog.sys ---- System - GMER 1.0.15 ---- SSDT 894B6BD6 ZwCreateSection SSDT 894B6BE0 ZwRequestWaitReplyPort SSDT 894B6BDB ZwSetContextThread SSDT 894B6BE5 ZwSetSecurityObject SSDT 894B6BEA ZwSystemDebugControl SSDT 894B6B77 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 405 81C6EA3C 4 Bytes [D6, 6B, 4B, 89] .text ntoskrnl.exe!KeInsertQueue + 729 81C6ED60 4 Bytes [E0, 6B, 4B, 89] .text ntoskrnl.exe!KeInsertQueue + 75D 81C6ED94 4 Bytes [DB, 6B, 4B, 89] .text ntoskrnl.exe!KeInsertQueue + 7C1 81C6EDF8 4 Bytes [E5, 6B, 4B, 89] .text ntoskrnl.exe!KeInsertQueue + 809 81C6EE40 4 Bytes JMP D7894B6B .text ... 
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[964] ntdll.dll!LdrLoadDll 779B9390 5 Bytes JMP 6A5FFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] kernel32.dll!MapViewOfFile 778F68F0 5 Bytes JMP 6A8A079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] kernel32.dll!VirtualAlloc 778FAD55 5 Bytes JMP 6A8A07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] GDI32.dll!CreateDIBSection 77867461 5 Bytes JMP 6A8A0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----