Pests of all kinds and how to fight them: Federal Police trojan detected - logs attached (Windows 7)
Hello trojaner-board team,

it looks like it got me today. Earlier, the Bundestrojaner/UKASH locked up my system. I then ran Malwarebytes in safe mode, and a Trojan.Agent.Gen was quarantined. After reading through a few threads here, I ran OTL, Avira, MalwareBytes, CCleaner, Temp File Cleaner and AdwCleaner. What worries me most is the hidden object in the Avira log; Avira recommends creating a rescue CD and running it...

Here are my logs:

Avira
```
Avira Professional Security
Erstellungsdatum der Reportdatei: Donnerstag, 2. August 2012 13:46

Es wird nach 4050057 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRIS-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1466 46760 Bytes 23.05.2012 16:50:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 24.05.2012 15:08:06
AVSCAN.DLL : 12.3.0.15 66256 Bytes 24.05.2012 15:08:06
LUKE.DLL : 12.3.0.15 68304 Bytes 24.05.2012 15:08:24
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 24.05.2012 15:08:47
AVREG.DLL : 12.3.0.17 232200 Bytes 24.05.2012 15:08:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 15:06:28
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:07:02
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:07:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:07:28
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:07:34
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 12:55:43
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 12:55:43
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 12:55:43
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 12:55:43
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 12:55:43
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 12:55:43
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 12:55:43
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 12:55:43
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 12:55:43
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 15:55:25
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 13:48:13
VBASE016.VDF : 7.11.38.71 2048 Bytes 31.07.2012 13:48:13
VBASE017.VDF : 7.11.38.72 2048 Bytes 31.07.2012 13:48:13
VBASE018.VDF : 7.11.38.73 2048 Bytes 31.07.2012 13:48:13
VBASE019.VDF : 7.11.38.74 2048 Bytes 31.07.2012 13:48:13
VBASE020.VDF : 7.11.38.75 2048 Bytes 31.07.2012 13:48:13
VBASE021.VDF : 7.11.38.76 2048 Bytes 31.07.2012 13:48:13
VBASE022.VDF : 7.11.38.77 2048 Bytes 31.07.2012 13:48:13
VBASE023.VDF : 7.11.38.78 2048 Bytes 31.07.2012 13:48:13
VBASE024.VDF : 7.11.38.79 2048 Bytes 31.07.2012 13:48:13
VBASE025.VDF : 7.11.38.80 2048 Bytes 31.07.2012 13:48:13
VBASE026.VDF : 7.11.38.81 2048 Bytes 31.07.2012 13:48:13
VBASE027.VDF : 7.11.38.82 2048 Bytes 31.07.2012 13:48:13
VBASE028.VDF : 7.11.38.83 2048 Bytes 31.07.2012 13:48:13
VBASE029.VDF : 7.11.38.84 2048 Bytes 31.07.2012 13:48:13
VBASE030.VDF : 7.11.38.85 2048 Bytes 31.07.2012 13:48:13
VBASE031.VDF : 7.11.38.140 159744 Bytes 02.08.2012 08:28:38
Engineversion : 8.2.10.120
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 14:01:21
AESCRIPT.DLL : 8.1.4.36 459131 Bytes 27.07.2012 08:44:48
AESCN.DLL : 8.1.8.2 131444 Bytes 24.05.2012 15:07:45
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 12:29:20
AERDL.DLL : 8.1.9.15 639348 Bytes 24.05.2012 15:07:44
AEPACK.DLL : 8.3.0.18 807287 Bytes 27.07.2012 08:44:48
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 12:14:42
AEHEUR.DLL : 8.1.4.80 5075318 Bytes 27.07.2012 08:44:48
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 11:55:24
AEGEN.DLL : 8.1.5.34 434548 Bytes 19.07.2012 12:14:39
AEEXP.DLL : 8.1.0.72 86389 Bytes 27.07.2012 08:44:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 14:01:20
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 14:01:20
AEBB.DLL : 8.1.1.0 53618 Bytes 24.05.2012 15:07:39
AVWINLL.DLL : 12.3.0.15 27344 Bytes 24.05.2012 15:05:31
AVPREF.DLL : 12.3.0.15 51920 Bytes 24.05.2012 15:08:06
AVREP.DLL : 12.3.0.15 179208 Bytes 24.05.2012 15:08:47
AVARKT.DLL : 12.3.0.15 211408 Bytes 24.05.2012 15:07:56
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 24.05.2012 15:07:58
SQLITE3.DLL : 3.7.0.1 398288 Bytes 24.05.2012 15:08:35
AVSMTP.DLL : 12.3.0.15 63952 Bytes 24.05.2012 15:08:07
NETNT.DLL : 12.3.0.15 17104 Bytes 24.05.2012 15:08:29
RCIMAGE.DLL : 12.3.0.15 4713680 Bytes 24.05.2012 15:05:32
RCTEXT.DLL : 12.3.0.15 98512 Bytes 24.05.2012 15:05:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 2. August 2012 13:46

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
    [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '227' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMgr.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Switcher.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzFw.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'VcmIAlzMgr.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'stacsv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3145' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\WinRAR\rarnew.dat
    [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\chriz\Downloads\avira_free_antivirus_de.exe
    [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\chriz\Downloads\Forentreffen.part01.rar
    [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\chriz\Downloads\Final Fantasy VII (PC) Ultima Edition\Setup-1.bin
    [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)

Ende des Suchlaufs: Donnerstag, 2. August 2012 16:06
Benötigte Zeit: 2:20:10 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

25958 Verzeichnisse wurden überprüft
895695 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
895695 Dateien ohne Befall
6024 Archive wurden durchsucht
4 Warnungen
1 Hinweise
530030 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
```

MalwareBytes
```
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
chriz :: CHRIS-PC [Administrator]

02.08.2012 12:25:37
mbam-log-2012-08-02 (12-25-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333908
Laufzeit: 1 Stunde(n), 12 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
```
```
OTL logfile created on: 02.08.2012 12:55:11 - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\chriz\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,16% Memory free
4,00 Gb Paging File | 2,50 Gb Available in Paging File | 62,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 8,95 Gb Free Space | 5,08% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chriz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\chriz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\chriz\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe (Oracle Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\chriz\Desktop\JavaRa\JavaRa.exe (The RaProducts Team: Paul McLain and Fred de Vries)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\adobexmp.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\cryptocme2.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\1031\nsextint.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV - (NSNDIS5) -- C:\Windows\system32\NSNDIS5.SYS File not found
DRV - (asxyq2lt) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (EverestDriver) -- C:\Users\chriz\Desktop\Everest Ultimate\kerneld.wnt ()
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {E87584EE-A620-4117-A1F3-ECEB4AF1F77B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes,DefaultScope = {E87584EE-A620-4117-A1F3-ECEB4AF1F77B}
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.readmore.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.11 02:49:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.11 02:49:43 | 000,000,000 | ---D | M]

[2010.04.19 21:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chriz\AppData\Roaming\mozilla\Extensions
[2012.08.02 11:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chriz\AppData\Roaming\mozilla\Firefox\Profiles\588nyvj1.default\extensions
[2012.01.08 06:16:14 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\chriz\AppData\Roaming\mozilla\Firefox\Profiles\588nyvj1.default\extensions\chineseperakun@gmail.com
[2008.10.18 19:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chriz\AppData\Roaming\mozilla\Sunbird\Profiles\izky56rr.default\extensions
[2011.05.03 22:14:05 | 000,001,583 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\searchplugins\web-search.xml
[2012.03.18 01:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.24 12:43:15 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\CHRIZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\588NYVJ1.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
[2012.07.18 20:19:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 06:59:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.06 21:39:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 21:39:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.06 21:39:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 21:39:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 21:39:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 21:39:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser
```
= 3 O7 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\chriz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C053E522-E255-4D89-8C47-0394D8575728}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000 Winlogon: 
Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO Tender Green Wallpaper 1280x800.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO Tender Green Wallpaper 1280x800.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell - "" = AutoRun O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell\AutoRun\command - "" = G:\baldur.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 12:50:08 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\chriz\Desktop\OTL.exe [2012.08.02 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\chriz\Desktop\Logs [2012.08.02 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\chriz\Desktop\JavaRa [2012.08.02 12:23:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.02 10:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.08.02 10:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.08.02 10:31:18 | 
000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2008.08.16 01:27:02 | 019,957,488 | ---- | C] (Intel Corporation) -- C:\Users\chriz\winvista_159.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.02 12:50:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\chriz\Desktop\OTL.exe [2012.08.02 12:35:46 | 000,614,881 | ---- | M] () -- C:\Users\chriz\Desktop\adwcleaner.exe [2012.08.02 12:23:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 12:23:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 12:23:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.02 12:07:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.02 11:26:15 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.001 [2012.08.02 10:23:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 10:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 10:23:17 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.08.01 17:14:52 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.dat [2012.08.01 16:59:15 | 000,095,939 | ---- | M] () -- C:\Users\chriz\Desktop\error.png [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 12:35:46 | 000,614,881 | ---- | C] () -- C:\Users\chriz\Desktop\adwcleaner.exe [2012.08.01 16:59:15 | 000,095,939 | ---- | C] () -- C:\Users\chriz\Desktop\error.png [2011.06.30 21:34:15 | 000,151,840 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat 
[2010.11.15 13:34:31 | 000,000,000 | ---- | C] () -- C:\Users\chriz\defogger_reenable
[2009.09.28 22:00:31 | 002,086,760 | ---- | C] () -- C:\Users\chriz\img021.jpg
[2009.03.03 21:18:54 | 000,003,193 | ---- | C] () -- C:\Users\chriz\avatar-4754.jpg
[2009.02.03 03:46:01 | 000,003,195 | ---- | C] () -- C:\Users\chriz\.sdedit.conf
[2009.01.26 01:33:58 | 020,660,224 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\Messages.mdb
[2009.01.19 04:50:27 | 000,000,277 | ---- | C] () -- C:\Users\chriz\First.java
[2009.01.15 23:31:32 | 000,570,018 | ---- | C] () -- C:\Users\chriz\EER_2002_Techn.Merkblatt_6TT.pdf
[2008.06.16 15:50:29 | 000,071,455 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\nvModes.dat
[2008.06.16 15:50:29 | 000,071,455 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\nvModes.001

========== LOP Check ==========

[2012.05.23 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DAEMON Tools Lite
[2011.10.05 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DVDVideoSoft
[2011.10.05 13:11:12 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.08 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\ICQ
[2008.08.26 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\ICQ Toolbar
[2010.04.19 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\InterVideo
[2010.04.19 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\Lingoes
[2010.11.04 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\LolClient
[2012.05.23 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\LolClient2
[2011.07.27 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\MyPhoneExplorer
[2012.05.17 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\TS3Client
[2012.08.02 09:55:01 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\uTorrent
[2011.09.11 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\WordToPDF
[2012.07.26 07:19:54 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 02.08.2012 12:55:11 - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\chriz\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,16% Memory free
4,00 Gb Paging File | 2,50 Gb Available in Paging File | 62,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 8,95 Gb Free Space | 5,08% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chriz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07C241F1-906F-4837-8005-DCD6F839F24A}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher | "{0FCFDEB0-D3F2-4F63-9720-904A96F8E432}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{1F7FBF91-0D7D-4447-9F65-3F77BC07E39C}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher | "{2E59BFD8-F583-45E7-9864-FA82EC049D3E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher | "{2ED03363-6C64-43C0-9224-7B7A8CC4FE74}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{2F6497E8-CC47-4F41-B371-836477B6D3E1}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher | "{307588EE-A6C5-4037-81A9-283F5595EF8B}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher | "{32AF26B4-37BD-4D47-8F38-3D353FF79439}" = lport=137 | protocol=17 | dir=in | app=system | "{3B77C5BB-AE62-4CF8-BB66-74D9857B5284}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{51C08432-CDE8-4E23-8CD2-872B1D8FE4B1}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | "{529844F0-D4C5-418B-80D3-56F86AF54870}" = rport=137 | protocol=17 | dir=out | app=system | "{580BD7F6-8EDF-4DCD-A05B-8C0A40E98463}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher | "{5A6A05F4-AC6D-4EAC-B5AE-CE6B9C8F1C2F}" = lport=138 | protocol=17 | dir=in | app=system | "{5EA6AD2E-088F-4C9D-B0E5-5D50BD7F73A4}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | "{607768B9-7ABD-40DC-8AF1-51FA3D228EC4}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{6513805D-C92E-4159-B501-E4D2BCA80EFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{656A6AD9-B2D9-45E1-B91B-844BAE23AF93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{6929AE59-AE66-4B70-B551-E993D5B119AD}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher | "{6A3B500A-5500-43C1-B177-189EBB61111C}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | "{6CAE1A81-F6B8-4A3F-AE9F-9400E4C5048D}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher | "{787F5D9F-F151-4D1A-AE74-96AA185B27F9}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | "{7B7348FC-08F5-4B31-9DCA-FE3D3FC73AA3}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | "{7EAF6786-C882-437B-9BE3-825A4AC4B0BF}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher | "{84F3B413-E2ED-4EA7-BA14-0878551F9F13}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher | "{880033E7-4B28-4753-B276-EDCA1ACB68A6}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | "{882C974A-D68D-4A79-87FA-ED3586450B02}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher | "{8BCCCF4A-CB7A-4F89-B64C-9B7510708385}" = lport=445 | protocol=6 | dir=in | app=system | "{8C78D9C5-2D5F-43EF-AC63-B0B92E336BA8}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher | "{91C0B9A6-A7E0-474F-8CEA-8BC19A7850E8}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher | "{92726E06-BEB1-4E8D-B946-71B4F7CEA1E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9A5C9628-FE9F-4417-9C4E-E65C486DC1BF}" = lport=139 | protocol=6 | dir=in | app=system | "{9B14288C-BD60-47BD-8D23-958BF720780D}" = rport=139 | protocol=6 | dir=out | app=system | "{AB221638-4437-4157-8588-73231F493F11}" = rport=445 | protocol=6 | dir=out | app=system | "{B15EF692-FA3C-40D6-8E83-62158759C86C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{B15F6B6A-F61A-4473-B6E3-AE2D290D132E}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{B1F9CAC6-9664-4799-BD84-7A9EA84DFB7F}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher | "{B25FCB4C-6D5D-4E53-9166-08952E255D08}" = rport=138 | protocol=17 | dir=out | app=system | "{B85DB678-CF90-4D92-B6D9-3C120102D686}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB858D24-F2DA-4A9B-86D3-9BD62FE0C7EB}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{C751E4AB-6253-4D9E-9970-4351D5D7C563}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{CC52E8BD-D28B-4B11-958A-BDCBEDAD434F}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | "{D4EBEB04-DD8B-4655-B576-6685A6FD83A8}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher | "{DD31FECD-CA34-443D-A868-F40E7506AE06}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher | "{DF8EEBEE-7A0E-4F23-92F2-2C5BD3422110}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | "{E17C37BC-7574-4011-8708-1A9C456BBC48}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{FE4F95A0-8F35-4F9C-964C-26BA2AD3D7B9}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | "{FEAE807B-1356-4A0F-88A3-48871532B650}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01A5FD35-377F-43B3-8C07-1E92661CBB76}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | "{0463DAEF-7811-4801-A8B1-2F3FDF2C4ED6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1755F99A-820A-4AE4-95BE-585294944361}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{1F918227-DE3B-4C75-87C4-94C44EE309C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{21C70D52-A7E2-45F8-95F5-5F5A56C7198C}" = protocol=6 | dir=in | app=c:\league of legends\air\lolclient.exe | "{24F943A6-E911-4D37-816D-145A741527F0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{25BE620F-1F0C-4E13-92BF-C932AEFAEE6E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{375015AD-3EC1-44B1-B095-8A798769189F}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{37720196-8068-4A6D-9CCD-72D8685C4B23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{3F799868-A83C-4348-BC4B-B36BDABDC505}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{40774E56-C278-426C-9AC1-89D239D30642}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{457442C5-AAB9-4603-AA4D-1BEF065F48F1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{507C4C78-AC64-49D0-AC0E-EF577156D626}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{51B2E955-B03D-4DC4-898B-CF65C05D0EB2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{545CB333-673C-4885-B161-DE2D9E9DCC33}" = protocol=17 | dir=in | app=c:\league of legends\game\league of legends.exe | "{55579BF8-4601-4C49-ACE2-BA6D62C941DF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{61DD59EF-16C1-4717-9B22-CD90F03D433C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{6335BD01-A912-4A80-876B-9EFCC0D8DAB0}" = protocol=6 | dir=in | app=c:\league of legends\game\league of legends.exe | "{6581AACF-BF6E-4E0D-997E-F3C7C4E1CE8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{666A41B3-B379-4FE6-88EB-C19EA26E5CDE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{66916233-D3DC-4FF6-A4F7-8A0FAF70C23E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{6D555F52-DEDF-44A8-9027-FC6A69787998}" = 
protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{6FE07B4C-B6E0-439F-B3A9-585EE661D99A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{7061C6E9-6010-448B-A984-6A718B972E9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7637EB8E-0BA8-428E-B283-674E6A780952}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{763E4FC8-FAE2-4C86-9274-B0168F56681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{79B44A92-7DE1-41C7-9FE8-CA0CAEDB8F46}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{886DF598-A501-41E8-B1E6-4DCAF6942139}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | "{8A67B9C7-2086-4E1A-9C4A-C93D9A34EC72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{93D2BE7E-AB90-40A5-94D2-249838F07A61}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{945B0C5E-F699-4861-BBCF-0285A4B08295}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{95E6ABE9-ED0A-4D69-9027-159E0CDB18B9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{9613C189-3A52-4EB9-93D1-0F9A88BA5690}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{9A3DCB8D-D6CB-4AA2-9EC3-4B5A6B0B625A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{9AEA0ABD-DB1B-40A7-8581-6589D8364138}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{9E3E65D3-B475-4A07-AEBA-F239BCF75336}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | "{A4BCD3B3-5038-4F6C-8E98-EDA8507836EA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{A76DB196-D08C-425D-8E0D-AFABF521C8B5}" = protocol=6 | dir=in | app=c:\program 
files\activision\call of duty - world at war\codwawmp.exe | "{A8379D32-716E-42C8-B796-83F5C42288A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{AB96C472-069F-4010-BA59-0C73EEE7AF68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AC922372-BBD7-4977-9841-665FF5670D9C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{AF30D51A-8495-4088-8811-B6049C4EBF6D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{B39F633F-7E7A-4DA8-86B6-E248576E6498}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | "{B4464B3F-F197-4927-881B-E4BF96AFDB7E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B6786A1A-46A5-417E-9357-FE5A88D71AC3}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{B7CC5182-7F41-49AE-89E9-A38BE542A8BE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B9943E0D-6884-4B6D-A4FE-4C93A3CDC9DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{BA3E22D7-7287-4A22-B5D2-7E267E6048D2}" = protocol=17 | dir=in | app=c:\league of legends\air\lolclient.exe | "{BBEED90A-C73C-4884-BB36-C3FD452C9256}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{BC0C0C16-4AB8-4BF1-955A-243FFDBB73F4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{BDA03587-3800-4889-9944-88952DEEF993}" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "{C3E4B142-7370-4281-B07D-689E948DA033}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{C4269324-1E9A-4059-998C-5A3FDACDF724}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C5CB4147-7938-4462-9574-F6B1281E595C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CAD21E2B-6025-40A6-A703-C74CD3A13046}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{CB127B24-168F-4A89-B506-A0CA85C5A815}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{CE9E0697-6EC1-47A0-86DC-5A26B1007E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D1214147-8320-44A4-97B7-FF408DD6B7B6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D66BA66B-1DEE-4896-892A-85369EA5BB99}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{D7EEDF0F-D690-42DF-BC7F-5A91C067B8CC}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{DBDCE47B-C794-4B19-B268-85B465B286D1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{EC395FFD-64C0-47B2-B161-351FC3B65B6B}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{F8EAFDC1-34B8-4C04-9149-A2BDE2AABD57}" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{1512127F-40CA-4833-822B-E0AA11A630E2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{20D4A642-2015-40E3-B6E8-CF3F63927EC5}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "TCP Query User{21CAC22B-373A-4C96-BECB-25518EFBD76D}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{2B13F138-8456-48C7-9EF2-208B874E00C2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{3356A4F7-C1AE-4793-A6F6-81854B345221}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program 
files\utorrent\utorrent.exe | "TCP Query User{43873C80-AC12-4FB3-A3A2-0961307DFB9F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{59DCD455-7B3C-4E0C-82BB-6B8EC979F11D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{6063009F-D621-4F55-8447-664F379F77F2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{69F5DEEE-3E31-4DB3-9ED3-C123C0C18947}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{6E23A3FA-AED9-4EC1-98FF-000713F00236}C:\users\chriz\desktop\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\chriz\desktop\flatout2\flatout2.exe | "TCP Query User{700AD149-6DC3-4CBD-A59A-CF61C705BB1E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{8298B8E8-402C-4F0A-A893-E20C84774599}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{8A92BBE8-7325-4212-9585-3EF77C731D2B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{8C8B04BA-E5F4-4D13-8D51-A2C98D4698C3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{9CA252DD-FA90-4BEE-B1BF-DDDE67DDC1C0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{9D043FF0-374A-4C2D-9778-848B16443E3B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A69F0C74-3AC9-411F-AD29-8B3ECA583CF4}C:\program 
files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{B86E1132-F62A-4D29-8338-2CB727EC7664}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{C8D95EDD-4017-4CE7-B2BC-2DBB55A3D55A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{CC67D390-5BFE-4D6E-880B-51C6D72BE479}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{D0C005FC-1992-41D9-B3B4-729C5899C28F}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "TCP Query User{DAC229DF-1529-4B90-92CE-6378A65FAB50}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{DD816A11-8230-4F7B-A255-E76445B65FC5}C:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\chriz\desktop\age of empires ii inkl. 
addon the conquerors\age2_x1\age2_x1.exe | "UDP Query User{0FC39C1A-17E1-41DD-B9AC-2BB5410C8619}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{15674B55-F2DC-437A-998C-13DCB5A6EC11}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{1611DC9C-4DCD-4D25-A6AE-747A5F007BFA}C:\users\chriz\desktop\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\chriz\desktop\flatout2\flatout2.exe | "UDP Query User{1B80AC34-2BE8-47D4-BC6C-4920333819DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2F86645E-20B3-4950-8511-06E4A98B68AA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3D89B994-C2B3-44CC-AF7E-C5F09B9EDD32}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{493CF04A-A959-4384-B102-4E2D4619B662}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{4C2A7F3A-E378-4154-8444-6DA5CFC0A615}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{55A59975-F397-4BB4-B83E-725EB7F2EBAD}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "UDP Query User{61735BD6-311E-46DE-B442-46FC836AF34E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{70FF5B12-17C2-46BA-AB88-BC12FEA40FBF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{79AAD8B4-AF80-48C8-BB9B-02EEFB36DA34}C:\program 
files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{7AFC5599-A13B-4C24-A8DE-CC1556A4E120}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{7B6C3E02-CEBD-4673-9206-5CEFA7AA022C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{83DF692C-8B58-4856-9C58-5AE7B823B211}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{8484B4AD-0DA7-4D47-911D-3599A839D809}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{89D5763A-E9C1-41C0-B383-6A8E07262C64}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{90BD53E7-4AE6-4094-95DE-4B81CF91FD28}C:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\chriz\desktop\age of empires ii inkl. 
addon the conquerors\age2_x1\age2_x1.exe | "UDP Query User{93C440D3-9A31-4F41-8EBE-C112DF58952A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{D6D4F43F-2318-47FC-8320-A41644078DBB}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{DD50EB20-6B9C-47B8-90B4-6A5981FA9F7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{ECAF81A3-0610-4655-94FE-63B099A7FD89}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "UDP Query User{F6B7FB52-3768-4CF2-82C7-B605ECBD5FD0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203 "{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110 "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = 
VAIO Content Folder Setting "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper "{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11 "{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION "{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter "{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library "{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content 
Exporter "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = 
Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 
9.3.2 - CPSID_53951 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7 "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM) "{C22826DB-8064-4607-9816-1B5B62358C3C}" = inSSIDer 2.0 "{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent 
Analyzing Manager "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Professional Security "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Diablo III" = Diablo III "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dt icon module" = "eBay HTML" = "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "gtfirstboot Setting Request" = "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQ Password" = ICQ Password "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IsoBuster_is1" = IsoBuster 2.8.5 "JCreator LE_is1" = JCreator LE 4.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "Picasa2" = Picasa 2 "PokerStars" = PokerStars "Security Task Manager" = Security Task Manager 1.8d "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Skype_is1" = Skype 3.2 "SopCast" = SopCast 3.2.9 "SubtitleWorkshop" = Subtitle Workshop 2.51 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "VAIO Help and Support" = "VAIO MFU Module" = "VAIO Xblack Contents" = VAIO Xblack Contents 
"VLC media player" = VLC media player 1.0.2 "Wecker 2.2" = Wecker 2.2 2.2 "WinRAR archiver" = WinRAR "WordToPDF_is1" = WordToPDF 2.4 "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced PDF Password Recovery" = Advanced PDF Password Recovery "TeamSpeak 3 Client" = TeamSpeak 3 Client "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.09.2011 21:08:46 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 29.09.2011 21:08:51 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.09.2011 21:08:51 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.09.2011 07:52:18 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error - 30.09.2011 07:52:21 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 30.09.2011 07:52:21 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 30.09.2011 09:59:20 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 30.09.2011 10:33:07 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 01.10.2011 10:03:41 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error - 01.10.2011 10:03:43 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.10.2011 10:03:43 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.10.2011 10:35:57 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 02.08.2012 04:00:47 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 02.08.2012 04:07:39 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 02.08.2012 04:07:39 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 02.08.2012 04:08:26 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error - 02.08.2012 04:08:38 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 02.08.2012 04:08:38 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = DCOM | ID = 10005
Description =

Error - 02.08.2012 05:59:40 | Computer Name = chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

< End of report >

Code:
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 13:38:27
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : chriz - CHRIS-PC
# Running from : C:\Users\chriz\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\chriz\Desktop\Save
Folder Found : C:\ProgramData\Trymedia
File Found : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\searchplugins\web-search.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Web Search...");
Found : user_pref("extensions.vshare@toolbar.update.enabled", false);
Found : user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");

*************************

AdwCleaner[R1].txt - [1270 octets] - [02/08/2012 12:35:54]
AdwCleaner[R2].txt - [1199 octets] - [02/08/2012 13:38:27]

########## EOF - C:\AdwCleaner[R2].txt - [1327 octets] ########## |