Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Browser öffnet eigenständig Werbefenster

Browser öffnet eigenständig Werbefenster


Log-Analyse und Auswertung: Browser öffnet eigenständig Werbefenster

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 16.12.2012, 20:53   #1
spzle
 
Browser öffnet eigenständig Werbefenster - Standard

Browser öffnet eigenständig Werbefenster


Hallo liebe Leute,

ich habe folgendes Problem: mein Browser (Firefox 13.0.1 unter Windows 7, 32-bit) öffnet wie wild Werbefenster (z.B www.planet49.com, World of Tanks Werbung, survey.nuggad.net etc.)auch wenn ich nicht surfe, bzw. auch wenn ich garnicht am Comuter arbeite. Auch spinnt mein Touchpad ziemlich häufig rum, ich vermute aber dass letzteres mit dem Virus nichts zu tun hat und eher auf Altersschwäche zurückzuführen ist.
Weder Malwarebytes noch avira antivir haben bisher was finden können. Auch habe ich HijackThis einen logfile erstellen und automatisch auswerten lassen, die auch nichts auffälliges zutage gebracht hat. Habe aber jetzt gelesen, dass HijackThis bei Windows 7 nicht so dolle sein soll und automat. Auswertungen eh nichts bringen. Daher hier nun die OTL und Gmer-Auswertung entsprechend eurer Anleitung. Habe Komm ich noch um ne komplette Neuinstallation herum oder bin ich schon böse infiziert? Ich hoffe ihr könnt mir helfen und ich habe alle wichtigen Infos angegeben.

Vielen Dank schon mal und viele Grüße

spzle

gmer.log:

---- System - GMER 1.0.15 ----

SSDT 8B6C831E ZwCreateSection
SSDT 8B6C8328 ZwRequestWaitReplyPort
SSDT 8B6C8323 ZwSetContextThread
SSDT 8B6C832D ZwSetSecurityObject
SSDT 8B6C8332 ZwSystemDebugControl
SSDT 8B6C82BF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E44A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E7E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81E8562C 4 Bytes [1E, 83, 6C, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81E85988 4 Bytes [28, 83, 6C, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81E859CC 4 Bytes [23, 83, 6C, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81E85A48 4 Bytes [2D, 83, 6C, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81E85A9C 4 Bytes [32, 83, 6C, 8B]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8BA06000, 0x23097E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

otl.txt:
OTL logfile created on: 16.12.2012 18:14:53 - Run 1
OTL by Oldtimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 67,57% Memory free
3,75 Gb Paging File | 2,59 Gb Available in Paging File | 69,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,96 Gb Total Space | 5,56 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive D: | 156,25 Gb Total Space | 70,02 Gb Free Space | 44,81% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.16 17:45:31 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe
PRC - [2012.12.16 15:45:25 | 000,602,112 | ---- | M] (Old***er Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 13:54:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 18:02:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:01:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:01:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.06 20:48:54 | 002,051,880 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\***eLeft3\***eLeft.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtWlan.exe
PRC - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe
PRC - [2009.08.21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009.08.21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009.08.05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009.07.28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007.05.31 15:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.16 17:45:31 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe
MOD - [2012.04.10 16:54:14 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.04.10 16:54:14 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2009.07.16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009.07.16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2009.03.12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2005.04.19 12:53:44 | 000,013,824 | ---- | M] () -- C:\Program Files\***eLeft3\TrayClock.dll


========== Services (SafeList) ==========

SRV - [2012.12.12 02:01:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.18 04:35:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 18:02:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:01:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.05 14:08:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009.08.21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012.05.08 18:02:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:02:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.05.20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.07 07:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.06.10 13:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008.12.01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_***ESTAMP = DB D1 F2 55 68 93 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: contextMenuExtension@leo.org:0.3.1
FF - prefs.js..extensions.enabledAddons: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.6.3
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 14:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 04:35:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 14:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\***\AppData\Roaming\13001.023 [2012.07.12 19:08:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 04:35:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.03.02 23:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.12 11:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\27juis64.default\extensions
[2012.03.03 18:01:53 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\extensions\contextMenuExtension@leo.org.xpi
[2012.05.12 11:32:17 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2012.03.03 18:02:12 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\searchplugins\firefox-add-ons.xml
[2012.09.30 21:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.30 21:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.07.12 19:08:36 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\13001.023
[2012.06.18 04:35:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 04:35:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 04:35:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 04:35:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 04:35:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 04:35:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 04:35:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\***eLeft.lnk = C:\Program Files\***eLeft3\***eLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 85.214.73.63 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E8A7ED-6150-4553-A1FC-3281FC8DB7F8}: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1AA8438-0644-41C9-846B-89EA7E25D191}: DhcpNameServer = 8.8.8.8 85.214.73.63 193.189.244.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.12 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\***\Citrix
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.16 18:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 17:46:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.12.16 13:14:16 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 13:14:16 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 13:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 13:05:59 | 1508,081,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 10:26:46 | 000,295,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 10:48:10 | 000,029,839 | ---- | M] () -- C:\Users\***\Desktop\Handout Kolloquium kurz.odt
[2012.12.12 10:48:09 | 000,000,100 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.Handout Kolloquium kurz.odt#
[2012.12.12 10:33:50 | 000,030,144 | ---- | M] () -- C:\Users\***\Desktop\Handout Kolloquium.odt
[2012.12.10 11:55:45 | 000,028,326 | ---- | M] () -- C:\Users\***\Desktop\Protokoll 6oder so Figal.odt
[2012.12.10 11:55:43 | 000,000,100 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.Protokoll 6oder so Figal.odt#
[2012.12.03 11:49:38 | 000,031,744 | ---- | M] () -- C:\Users\***\Desktop\protokoll4odersoFigal.odt
[2012.12.01 23:33:49 | 000,227,840 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit Hauptseminar *** Kiefer 1.12..pdf
[2012.11.25 21:30:52 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.25 21:30:52 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.25 21:30:52 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.25 21:30:52 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.16 17:46:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.12.12 10:34:07 | 000,000,100 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.Handout Kolloquium kurz.odt#
[2012.12.12 10:34:05 | 000,029,839 | ---- | C] () -- C:\Users\***\Desktop\Handout Kolloquium kurz.odt
[2012.12.12 03:08:24 | 000,030,144 | ---- | C] () -- C:\Users\***\Desktop\Handout Kolloquium.odt
[2012.12.10 11:55:43 | 000,000,100 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.Protokoll 6oder so Figal.odt#
[2012.12.10 11:55:41 | 000,028,326 | ---- | C] () -- C:\Users\***\Desktop\Protokoll 6oder so Figal.odt
[2012.12.03 11:49:35 | 000,031,744 | ---- | C] () -- C:\Users\***\Desktop\protokoll4odersoFigal.odt
[2012.12.01 23:33:49 | 000,227,840 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit Hauptseminar *** Kiefer 1.12..pdf
[2012.08.15 09:05:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.15 09:05:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.07.12 14:22:41 | 000,000,051 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.06.14 14:20:25 | 000,256,618 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012.06.14 14:20:25 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2012.05.24 11:35:31 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.04.15 17:04:15 | 000,000,391 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.03.05 12:17:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.03.04 12:27:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.03 17:21:17 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.03.03 17:21:16 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.03.03 17:21:16 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.03.03 17:21:16 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.03.02 23:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.12 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.022
[2012.07.12 19:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.023
[2012.03.30 20:47:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.05.24 11:35:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2012.12.16 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.11.06 20:23:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.07.12 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.03.14 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u
[2012.04.08 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NesterSoft
[2012.04.10 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.05.24 12:20:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.12.09 00:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.03.03 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toshiba
[2012.03.03 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.07.12 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.03 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vyeq
[2012.03.03 15:10:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch
[2012.07.12 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.08.02 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zyyf

========== Purity Check ==========



< End of report >

Extras.txt:
OTL Extras logfile created on: 16.12.2012 18:14:53 - Run 1
OTL by Oldtimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 67,57% Memory free
3,75 Gb Paging File | 2,59 Gb Available in Paging File | 69,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,96 Gb Total Space | 5,56 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive D: | 156,25 Gb Total Space | 70,02 Gb Free Space | 44,81% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B721395-2FB4-484D-A15E-97E6F9923682}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{213F61E1-CB8E-4E65-ABFA-714FF5DE5714}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41FB228A-C893-4DF3-8C8E-FA39E88972BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56B76F73-6782-40B2-B16C-F6C16C4A91F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5862C1BC-E7BC-4AF6-AE9E-6BEC833379CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{5EE57062-BB19-4A7B-B6A5-0BC684310FDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{603CE5FA-ACCB-4A6C-82D5-C3CC4151970B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6301A82B-C128-4D46-9580-6F07D3089D40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6371E1A9-04D4-4EDF-B663-4EB1FCC40DF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63DFA62F-09C5-4164-A5E0-36FD99B119D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{63F357DF-D990-461A-AF31-6FEFD8F89341}" = lport=137 | protocol=17 | dir=in | app=system |
"{6834CEA5-03C3-4D5B-B4E3-9A2A0242F909}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B71C696-CFE9-49CD-912F-6C1E32470842}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6C95A21F-5CB8-4772-B2D7-B30819DE307B}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{6D5FCE3F-A889-4FF6-BC17-46C3777D2F2B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7490712B-F5DC-4882-AEE0-498CC87D849E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{781A106B-8513-47C0-89D0-487189FE8A2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78414D8F-B723-4B3F-A125-C467433E6DDF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{825AF187-4945-4CF9-B391-EF16F2300A48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{903B098F-E24F-41AB-B358-1FBF9362004A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BDDA05E-CA26-4ACE-9A69-EFA3B8C78E69}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4D10043-7CAE-4051-9022-9B2DB6257223}" = lport=139 | protocol=6 | dir=in | app=system |
"{B32CD4EB-0403-4A82-9E37-3E58861EE9CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF086442-D1E8-46BE-9B8D-D44F74A4DFC4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C0EEA53B-984F-484A-A053-78796305B7B2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C75289F4-3074-4552-95C8-911629445956}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7D77B59-D4EA-43C1-A676-B533934946EF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CEC721C2-4E9A-4A8C-BDA7-BB0D10D4E754}" = rport=139 | protocol=6 | dir=out | app=system |
"{D24ADF05-7F37-4E44-9CD8-D3CAB4E5AC1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3EA0074-B0E3-48CB-A72A-2EC09FF4191E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{E2FCF72A-EEA0-4B27-A600-431D9F924C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7377CE5-835C-4009-A644-AFE6C8CACB15}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097CBA45-F2C3-4A9C-B43C-AC4AFBFAD027}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{0A0170F4-CFE9-423B-B6ED-E90F152784BD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{0FE4E84C-9989-4AFD-8E06-B1187B421435}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12FE2F52-FB89-4038-99EC-1A4B1802BC55}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"{15D8C0D0-EA6C-4672-A706-2D3176F0BACF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1B24A12E-0632-47A0-A1EE-9FBDB6AFDB48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D85734E-E7C2-4AAD-920D-C1EE4855DDEA}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"{27BDF824-930A-4D18-BBCE-F9056133BD58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CCE02FD-9C73-44DC-BFCD-8C4ED7F9EE5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{305C70D9-378E-4917-B16A-4C17C59C808C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{324E9E28-3534-43BC-913F-2434EFAE97DD}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{390A26A6-F8BA-406E-A5C6-3C2EF486EC7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B5D2C09-8516-4190-BD25-CD6DD7B855F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FB30A7E-C752-4419-B65C-E95C966BD06E}" = protocol=6 | dir=out | app=system |
"{4FD17006-AAE8-4499-9192-7404F090CE47}" = protocol=17 | dir=in | app=c:\program files\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{5A75174A-5F64-446C-85BE-03E446A186BC}" = protocol=6 | dir=in | app=c:\program files\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{60D4E12E-81F4-4D3E-A352-53D4F25AE49D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B380283-CB7B-4032-B21F-19046674B988}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{71D55830-1295-43EC-B846-147795479491}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7375CC45-E1FA-47D7-8305-5C976A715252}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74A067E0-A75C-41B1-945D-C6277EA50D2B}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{751C2D6C-835D-45FD-8E6F-857F7932B50E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{82546ED6-2BF0-426E-BD04-529356F79295}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8307841F-0C2D-4DE1-B697-AC193BEB2968}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83687304-3567-4999-A4C5-5F411425D4AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{888F50FE-7028-4AC8-88D3-CCF15D84D855}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{91017078-D3BC-414B-A6E8-24FE4D497948}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{915362CD-0B05-4BE7-AABD-B9FC4D60FEB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{99A55B8F-1C7F-4D2B-B752-CD638BDA8C0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0751F94-9BB4-45EC-8C36-77930A0FA70E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9025920-690C-4054-8E8E-5EC57C3032B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB79817B-E8BB-4AF7-9892-EFFDD873F695}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C400A5BE-9C18-4503-9324-CC11E9DD3308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB2B32E8-6287-461C-85A5-D5EC3D92C60C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{D06CDE8C-DD0D-4AFA-B17F-7D39CBFAEF28}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{D25C42CF-2BC6-43F4-9ABD-4549A3351A93}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{D4A57879-95BC-4C3C-903F-AAB067B7159D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{E4B2532A-C7A6-4769-8304-C6CA5DBA8D63}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{E4B5343B-9796-45D5-94A0-A3248AA738D8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{E6649C68-31D4-4472-981B-84C533C6D446}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E970F939-1FF4-4CD9-AB78-C6D83A589E4E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{ECE448B7-8A4A-4C61-82A0-1EB14C7A1839}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEC611F9-E112-4993-8B6A-BE3B7891D521}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{F0017441-0E75-48C9-9E5A-D857498A6FB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F1537788-FC13-4132-9ACB-4EAC02D00F75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F3CCA3E8-8F3E-446A-AE83-E8BD8FE77F6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB959F32-7EB0-4EE3-A169-A54D366A261D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDD2A394-FC54-4079-94AA-EAC5C5B66117}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{A476C675-36F8-4731-A20C-8C99C934BE89}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{A856CB67-0E88-4513-BCEB-A14D39C725F6}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK Wireless LAN Driver and Utility
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Foxit Reader_is1" = Foxit Reader 5.1
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ISRF2_15_676852" = Interaktive Sprachreise - Français Sprachkurs 2
"LingoPad_is1" = LingoPad 2.5.1 (Build 325)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Editor 3" = PDF Editor 3
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"***ELEFT3_is1" = ***eLeft
"VLC media player" = VLC media player 2.0.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2012 11:20:36 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.

Error - 10.12.2012 19:47:27 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 11.12.2012 22:02:09 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12.12.2012 19:50:51 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 13.12.2012 12:00:53 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 14.12.2012 11:36:30 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 14.12.2012 21:55:08 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 15.12.2012 19:07:47 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 16.12.2012 08:12:12 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 16.12.2012 11:04:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f88 Startzeit:
01cddb9c1f89f222 Endzeit: 10 Anwendungspfad: C:\Users\***\Downloads\OTL.exe Berichts-ID:


[ System Events ]
Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102
Description =

Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 25.07.2012 05:42:51 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?07.?2012 um 11:41:55 unerwartet heruntergefahren.


< End of report >

 

Themen zu Browser öffnet eigenständig Werbefenster
.com, 32 bit, 7-zip, antivir, application/pdf:, audiograbber, auswerten, avira, bingbar, browser, comuter, desktop, downloader, error, failed, firefox, flash player, hijack, hijackthis, home, infiziert?, install.exe, logfile, mp3, msiinstaller, officejet, plug-in, problem, realtek, scan, software, system, virus, werbefenster, werbung, windows


« GVU-Trojaner eingefangen, wie säubere ich meinen PC? | Trojaner/Fehler/weißer Hintergrund Paysave bezahlen »


Ähnliche Themen: Browser öffnet eigenständig Werbefenster


  1. Windows 10: Chrome-Browser öffnet eigenständig Seite von Watch4.de
    Log-Analyse und Auswertung - 28.09.2015 (5)
  2. Internet Explorer öffnet sich mehrmals,eigenständig im Hintergrund.
    Plagegeister aller Art und deren Bekämpfung - 01.06.2015 (8)
  3. Windows 7 : Firefox öffnet eigenständig tabs mit Werbung.
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (15)
  4. Browser startet automatisch, Tabs öffnen sich eigenständig mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 13.10.2014 (13)
  5. Google Chrome öffnet eigenständig; h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (3)
  6. schon wieder öffnen sich eigenständig Werbefenster im Chrome -.-
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (16)
  7. Google öffnet sich eigenständig
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (17)
  8. Firefox öffnet eigenständig ein Tab(http://e.ligatus.com/LigatusFallback.gif?ids=34088)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (1)
  9. Firefox öffnet eigenständig Tabs mit dem Link http://www.xn--34-jfa70azaif3a3ko249a.com/
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (2)
  10. IE öffnet eigenständig neue Fenster, tlw mit Media Player
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (17)
  11. Browser öffnet neue Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 10.02.2010 (15)
  12. Hilfe, mein browser öffnet andauernd Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 29.11.2008 (1)
  13. Browser öffnet selsbt Werbefenster. Kaspersky kann kein Update mehr machen u.s.w.
    Log-Analyse und Auswertung - 30.10.2008 (2)
  14. Explorer öffnet eigenständig Seiten
    Log-Analyse und Auswertung - 31.05.2008 (2)
  15. Internet Browser startet eigenständig
    Plagegeister aller Art und deren Bekämpfung - 05.01.2007 (1)
  16. Browser öffnet von allein Werbefenster
    Log-Analyse und Auswertung - 24.04.2005 (7)
  17. Browser öffnet von allein Werbefenster
    Log-Analyse und Auswertung - 24.04.2005 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Browser öffnet eigenständig Werbefenster - Hallo liebe Leute, ich habe folgendes Problem: mein Browser (Firefox 13.0.1 unter Windows 7, 32-bit) öffnet wie wild Werbefenster (z.B www.planet49.com, World of Tanks Werbung, survey.nuggad.net etc.)auch wenn ich nicht - Browser öffnet eigenständig Werbefenster...
Archiv
Du betrachtest: Browser öffnet eigenständig Werbefenster auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131