Plagegeister aller Art und deren Bekämpfung: Removing the GVU trojan (with webcam), Windows 7

#1
Removing the GVU trojan (with webcam)

Hi, my PC has been infected by the GVU (/BKA) trojan. It is the one with the foggy webcam image. Can someone please help me remove it? I had already started following this guide from redirect301.de, but I got stuck at step 8 because the value of the Shell key is already explorer.exe. (Simon's instructions are too complicated for a layman like me.) Thanks in advance.

EDIT: I ran a scan with Malwarebytes. Here is the log:

Code:
```
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

12.07.2012 11:15:35
mbam-log-2012-07-12 (11-15-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229063
Laufzeit: 5 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Gast\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_hamachi.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```
OTL Extras logfile created on: 12.07.2012 11:30:21 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\***\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,61% Memory free 5,98 Gb Paging File | 4,66 Gb Available in Paging File | 77,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 780,44 Gb Free Space | 86,68% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 
0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027B17C7-C291-6FB5-0C82-8BC157599201}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{07D3F755-05A0-934E-6F48-706C43927AA9}" = CCC Help English "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5229C090-842B-1CB0-1676-43E421294B5C}" = AMD Drag and Drop Transcoding "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6BCC0A09-6235-C2DE-4E3D-09F7793C6FB3}" = Catalyst Control Center Graphics Previews Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{81E19A62-1FD2-1066-7C10-19DD3323E27F}" = AMD Media Foundation Decoders "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{938F03A3-9932-DA4F-DDC1-49FABFD41B23}" = AMD Media Foundation Decoders "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CC5FA098-131A-5648-31D5-825692C72B2C}" = Catalyst Control Center "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D751FC11-146D-9848-6993-9A567E05B1EF}" = ccc-utility "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki "Action Replay Code Manager_is1" = Action Replay Code Manager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Battlecraft 19422.1" = Battlecraft 1942 "Belkin Installationsprogramm und Router Monitor_is1" = Belkin Installationsprogramm und Router Monitor "Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center "Byki Express" = Byki Express "Debut" = Debut Video Capture Software "Diablo III" = Diablo III "ESL Wire_is1" = ESL Wire 1.11.1 "ExpressBurn" = Express Burn Disc Burning Software "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MDT" = Battlefield Mod Development Toolkit 2.0 Beta "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft 
Office Klick-und-Los 2010 "Prism" = Prism Video File Converter "StarCraft II" = StarCraft II "Steam App 10" = Counter-Strike "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 215" = Source SDK Base 2006 "Steam App 218" = Source SDK Base 2007 "Steam App 260" = Counter-Strike: Source Beta "Steam App 30" = Day of Defeat "Steam App 340" = Half-Life 2: Lost Coast "Steam App 40" = Deathmatch Classic "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 60" = Ricochet "Steam App 80" = Counter-Strike: Condition Zero "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trusted Software Assistant_is1" = File Type Assistant "Video Mover_is1" = Video Mover "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 1.1.11 "WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "NetAssistant" = NetAssistant for Firefox "PikaTimer 2.03 JNLP Version" = PikaTimer 2.03 JNLP Version "Structorizer" = Structorizer ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.06.2012 18:41:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Belkin\belkin usb print and storage center\Restore\Files\x64\Restore64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 01.07.2012 13:02:10 | Computer Name = ***-PC | Source = Windows Backup | ID = 4104
Description =

Error - 03.07.2012 18:30:55 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Belkin\belkin usb print and storage center\Restore\Files\x64\Restore64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 05.07.2012 16:17:48 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Belkin\belkin usb print and storage center\Restore\Files\x64\Restore64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 06.07.2012 09:31:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x3f4 Startzeit der fehlerhaften Anwendung: 0x01cd5b7b93d70712 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: dcafed98-c76e-11e1-b1a8-001601434919

Error - 07.07.2012 06:28:01 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Belkin\belkin usb print and storage center\Restore\Files\x64\Restore64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 08.07.2012 09:33:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe, Version: 11.3.300.262, Zeitstempel: 0x4fe20fae Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll, Version: 11.3.300.262, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010a9f7 ID des fehlerhaften Prozesses: 0x594 Startzeit der fehlerhaften Anwendung: 0x01cd5cf2b652b8a1 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll Berichtskennung: 8947ee9f-c901-11e1-b212-001601434919

Error - 08.07.2012 13:02:18 | Computer Name = ***-PC | Source = Windows Backup | ID = 4104
Description =

Error - 10.07.2012 11:55:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Belkin\belkin usb print and storage center\Restore\Files\x64\Restore64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.07.2012 03:45:27 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

[ Media Center Events ]
Error - 13.06.2011 07:50:44 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 13:50:44 - Fehler beim Herstellen der Internetverbindung. 13:50:44 - Serververbindung konnte nicht hergestellt werden..
Error - 13.06.2011 07:50:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 13:50:50 - Fehler beim Herstellen der Internetverbindung. 13:50:50 - Serververbindung konnte nicht hergestellt werden..

Error - 13.06.2011 08:51:06 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:51:06 - Fehler beim Herstellen der Internetverbindung. 14:51:06 - Serververbindung konnte nicht hergestellt werden..

Error - 13.06.2011 08:51:13 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:51:11 - Fehler beim Herstellen der Internetverbindung. 14:51:11 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 12.07.2012 04:05:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx Wanarpv6 WfpLwf

Error - 12.07.2012 05:07:22 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description =

Error - 12.07.2012 05:07:22 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description =

< End of report >

Edited by TL2000 (12.07.2012 at 10:41)