Hallo,
immer wenn ich mit Youtube ein Video angucke bzw Musik höre wird mein PC total langsamund die Programme hängen immer wieder rum. Das ist bei Firefox und bei IE so. ich hab mal wärenddessen auf die systemauslastung geguckt ( bei Task Manager) und die war jetzt nicht besonders hoch...( mal 20 oder 25 % aber nicht mehr).
Woran kann das liegen ?
Danke schonmal
LG Gonzo
Hallo Gonzo,
betrifft das denselben Computer, wie in diesem Thread?
=> Bundespolizei trojaner
[°¿°] Ciao, Petra
Neu hier? Bitte abarbeiten! | Malware-Bereinigung | Forenregeln
Daten sichern! | Schulung | Kein Support per PN oder Mail! | Danke
Oh, hätte ich vielleicht erwähnen sollen, nein es handelt sich um einen anderen Computer. Hier besteht nur das oben beschriebene Problem mit Youtube.
Hallo Gonzo1990,
ok, dann mache bitte zunächst:
Systemscan mit OTL
Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Alternativer Downloadlink: http://www.itxassociates.com/OT-Tools/OTL.exe
- Doppelklick auf die OTL.exe
- Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
- Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe- Unter Extra-Registrierung wähle bitte Benutze SafeList.
- Mache Häckchen bei LOP- und Purity-Prüfung.
Mache hier zusätzlich einen Haken bei "Scanne alle Benutzer".- User mit 64Bit-Systemen machen auch einen Haken bei "Include 64Bit-Scan".
- Klicke nun auf Scan links oben.
- Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
- Sofern Dein realer Nachname Bestandteil des Benutzernamens ist:
anonymisiere diesen durch 5 Sternchen *****, am besten im Editor durch "Suchen und Ersetzen".
Vornamen oder sonstige Usernamen brauchen nicht anonymisiert werden.
Beispiel: Lieschen Müller - hier Müller durch ***** ersetzen.
Ist der Benutzername nur Lieschen kann er so bleiben, wie er ist.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt- Füge die beiden Logfiles OTL.txt und Extras.txt als Anhang ein, indem Du unterhalb des Textfeldes auf Erweitert klickst und die Logdateien einzeln über Anhänge verwalten hochlädst.
[°¿°] Ciao, Petra
Neu hier? Bitte abarbeiten! | Malware-Bereinigung | Forenregeln
Daten sichern! | Schulung | Kein Support per PN oder Mail! | Danke
extras:Code:OTL logfile created on: 16.07.2012 16:23:52 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\*****\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,43 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 66,11% Memory free 6,85 Gb Paging File | 5,66 Gb Available in Paging File | 82,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 362,46 Gb Free Space | 85,35% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,45 Gb Free Space | 51,14% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.16 16:22:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2012.07.05 17:48:19 | 001,756,000 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe PRC - [2012.06.20 10:36:32 | 000,304,480 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe PRC - [2012.06.14 21:08:43 | 000,178,016 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe PRC - [2012.06.14 21:08:41 | 000,321,376 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe PRC - [2010.03.02 15:18:50 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010.01.13 11:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe PRC - [2009.12.14 12:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2009.12.11 16:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.06.20 10:39:41 | 000,073,568 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll MOD - [2012.03.02 14:18:49 | 000,072,320 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll MOD - [2012.03.02 14:18:49 | 000,030,848 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll MOD - [2012.03.02 14:18:49 | 000,023,680 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll MOD - [2012.03.02 14:18:49 | 000,014,976 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BpInspectorRes.dll MOD - [2012.03.02 14:18:45 | 000,450,392 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\LibXml2.dll MOD - [2012.03.02 14:18:43 | 000,482,648 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\SQLite.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.11 22:00:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.10 15:07:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.27 13:40:05 | 000,215,904 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV - [2012.06.20 10:39:47 | 000,457,056 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire) SRV - [2012.06.20 10:39:37 | 000,391,520 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy) SRV - [2012.06.20 10:36:32 | 000,304,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV - [2012.06.14 21:08:43 | 000,227,168 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan) SRV - [2012.06.14 21:08:43 | 000,178,016 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV - [2012.06.14 21:08:43 | 000,060,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup) SRV - [2012.06.14 21:08:41 | 000,321,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan) SRV - [2012.03.12 00:53:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - [2012.06.20 10:39:45 | 000,033,920 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Afw.sys -- (AFW) DRV - [2012.06.20 10:39:38 | 000,339,584 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AfwCore.sys -- (afwcore) DRV - [2012.03.02 14:18:49 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver) DRV - [2012.03.02 14:18:48 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver) DRV - [2012.03.02 14:18:47 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos) DRV - [2011.05.09 20:33:53 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt) DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet) DRV - [2010.07.08 15:59:58 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\profos.sys -- (Profos) DRV - [2010.02.10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010.01.19 18:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.01.08 04:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.12.22 19:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009.07.31 03:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com/ [binary data] IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/ IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{529A0B83-F426-496A-9924-A51A204B7156}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms} IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "web.de" FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.10 15:07:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 20:13:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.10 15:07:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 20:13:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012.03.02 15:23:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012.06.05 22:07:12 | 000,000,000 | ---D | M] [2010.09.29 13:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.05.02 23:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xiksrng1.default\extensions [2011.08.11 19:54:23 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xiksrng1.default\searchplugins\sweetim.xml [2012.06.26 16:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.26 16:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.07.10 15:07:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C656E6C-B02A-465C-9DE5-B0FAD9B5B6C3}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4927DDA3-FD86-4AA8-98D1-0A4945421E68}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51554410-0E08-4E28-BE2D-1B39B29EAC77}: Domain = uni-trier.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51554410-0E08-4E28-BE2D-1B39B29EAC77}: NameServer = 136.199.8.101,136.199.8.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC9F1210-1BEF-45C9-AFCA-B391AF62C0F2}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 16:22:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.07.11 20:41:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.11 20:41:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.11 20:41:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.11 20:41:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.11 20:41:22 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.11 20:41:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.11 20:41:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 20:37:56 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 20:26:11 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.11 20:26:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.07.11 20:26:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.07.04 20:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.07.04 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.06.26 16:02:32 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.26 16:02:30 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.26 16:02:29 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.26 16:02:29 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.06.22 12:16:36 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.22 12:16:35 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.22 12:16:20 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.22 12:16:20 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.22 12:16:19 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.22 12:16:09 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.22 12:16:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.19 23:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M [2012.06.19 23:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7M [3 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.16 16:28:14 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 16:28:14 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 16:22:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.07.16 16:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.16 15:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.16 15:12:25 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 13:57:35 | 004,008,862 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.16 13:57:35 | 001,625,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.16 13:57:35 | 001,201,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.16 13:57:35 | 001,072,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.11 23:57:52 | 000,017,402 | ---- | M] () -- C:\Users\*****\Documents\cc_20120711_235748.reg [2012.07.11 22:00:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.11 22:00:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.11 21:58:57 | 000,418,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.09 16:02:33 | 000,013,939 | ---- | M] () -- C:\Users\*****\Desktop\*****1021450NEU.ods [2012.07.08 18:41:30 | 000,014,505 | ---- | M] () -- C:\Users\*****\Desktop\*****1021450.ods [2012.07.08 18:39:58 | 000,033,938 | ---- | M] () -- C:\Users\*****\Desktop\2673159-scherenschnitt-einer-hangematte-zwischen-zwei-palmen-im-sonnenuntergang.jpg [2012.07.04 23:15:28 | 000,075,670 | ---- | M] () -- C:\Users\*****\Desktop\Bed_Uebung12_SoSe2012_BastianGross.pdf [2012.07.04 23:15:19 | 000,063,262 | ---- | M] () -- C:\Users\*****\Desktop\Bed_Uebung11_SoSe2012_BastianGross.pdf [2012.06.26 16:02:17 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.26 16:02:17 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.06.26 16:02:17 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.26 16:02:17 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.26 16:02:17 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.06.20 10:39:45 | 000,033,920 | R--- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\Afw.sys [2012.06.20 10:39:38 | 000,339,584 | R--- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\AfwCore.sys [3 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.11 23:57:50 | 000,017,402 | ---- | C] () -- C:\Users\*****\Documents\cc_20120711_235748.reg [2012.07.09 16:02:31 | 000,013,939 | ---- | C] () -- C:\Users\*****\Desktop\*****1021450NEU.ods [2012.07.08 18:41:27 | 000,014,505 | ---- | C] () -- C:\Users\*****\Desktop\*****1021450.ods [2012.07.08 18:39:56 | 000,033,938 | ---- | C] () -- C:\Users\*****\Desktop\2673159-scherenschnitt-einer-hangematte-zwischen-zwei-palmen-im-sonnenuntergang.jpg [2012.07.04 23:15:28 | 000,075,670 | ---- | C] () -- C:\Users\*****\Desktop\Bed_Uebung12_SoSe2012_BastianGross.pdf [2012.07.04 23:15:19 | 000,063,262 | ---- | C] () -- C:\Users\*****\Desktop\Bed_Uebung11_SoSe2012_BastianGross.pdf [2011.12.15 22:07:08 | 000,362,830 | ---- | C] () -- C:\Users\*****\DSCI0401_Kopie.JPG [2011.04.08 01:08:42 | 000,000,098 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat [2010.11.19 15:03:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 20:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== LOP Check ========== [2012.03.02 15:58:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BullGuard [2011.09.12 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bytemobile [2012.07.16 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.11.19 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX [2011.01.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Software Inspection Library [2011.04.08 01:08:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template [2011.09.12 00:58:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vodafone [2011.09.12 01:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vodafone Mobile Connect [2012.06.15 07:39:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Code:OTL Extras logfile created on: 16.07.2012 16:23:52 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\*****\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,43 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 66,11% Memory free 6,85 Gb Paging File | 5,66 Gb Available in Paging File | 82,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 362,46 Gb Free Space | 85,35% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,45 Gb Free Space | 51,14% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0984483B-CE65-4A4D-A6B1-34275B446D55}" = lport=10243 | protocol=6 | dir=in | app=system | "{0B420FA2-2D49-4ECE-AD8F-A7DDADE49DB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FF5E766-10B0-47F4-9157-3A183FEDE50A}" = lport=137 | protocol=17 | dir=in | app=system | "{13FF946E-2A97-469C-A8BE-87C46859370D}" = rport=139 | protocol=6 | dir=out | app=system | "{1C7230D6-DB67-4F33-88C1-34A8D69FD9AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{221AD060-357D-4A59-A3F3-9C0214D462B3}" = rport=138 | protocol=17 | dir=out | app=system | "{32E7A590-3AE4-45EC-834E-DF72D4A8A3DB}" = rport=445 | protocol=6 | dir=out | app=system | "{39724D12-FE18-4215-9586-A41A336F75D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3E5A3E77-D9E3-4EE5-9EC0-CA17A1D030FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4108852C-223F-486E-9693-A6F50F3CB0FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{518F7E30-D329-4E10-9072-2D9F1228AE46}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AAB0AF1-7105-4712-9AC2-E96E6541B5D1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{62EE0596-B60F-441D-8503-00CD71C9A2DD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{66D0D533-625F-4E96-A1CF-AE84B129928A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7B6E453C-3E18-4EA5-A238-9F5F281A1836}" = lport=139 | protocol=6 | dir=in | app=system | "{859C2879-2462-49A0-9719-6573DD868435}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{90B0D4DA-A47F-4651-B975-06E0F4505D95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A0FF7496-F4C7-41DF-B694-6B791B1FB0A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A2315CBA-988D-420D-B11C-D85E45D50804}" = lport=445 | protocol=6 | dir=in | app=system | "{A71B73AF-F711-4F43-9C7D-31BA7153BDC2}" = rport=10243 | protocol=6 | dir=out | app=system | "{A7EC7F53-B975-4C31-83DE-3E8E2B7B4DDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1FC4DCB-05C2-4282-900F-819CE331FE65}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D86388ED-68E5-4D2D-B26E-78FB48B4C360}" = lport=2869 | protocol=6 | dir=in | app=system | "{E4C07967-BE42-438C-9A9C-518B29616C08}" = rport=137 | protocol=17 | dir=out | app=system | "{E67B61F2-0144-44F5-9B3B-13916AEB437A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA51C00C-98D4-4936-9171-021737FCAF02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EE06FEB6-E9A8-4257-9834-B242A92D28A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F17EBEDA-CDE4-4E2C-B4DD-C4FA139CD0E4}" = lport=138 | protocol=17 | dir=in | app=system | "{F2FF62EE-44C1-42F7-AEB1-B51E4AD2BEE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F907E337-D405-4067-8CC0-051440106AC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9AD7858-3D9B-4997-8977-6BC1B78A20B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FAB9D1FA-2E1F-403C-B5DB-07069EBA136F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE942DD2-D8EF-43B9-BC62-0ABC6EA61FFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0341B543-7885-49EE-9987-0405739EFBD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{081D1B3B-2E14-49AE-9581-A13927171737}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{0AF9BED3-FB4A-4386-8EA6-82239B9246E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{17ECC813-FFB3-4372-945E-4D7E69C72DAD}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{273EC91B-81A7-4800-84DB-C0A58EE36661}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B0BDC62-FFEA-4AF2-9495-0C9981AF8C46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{33D6EFC8-474E-4AAC-92F9-4712E9046CC1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{3B1CE637-1C11-4E94-B318-002BBE46C367}" = protocol=6 | dir=out | app=system | "{3C3E8896-3C94-4A28-B0F5-2177F7195E09}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{3D52223A-4E25-4977-92CD-16FD7B9C6218}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{3FCA6FCA-53C7-4A88-B5F6-CB4FC797CD49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{495AC95E-1FD5-4E33-AEFD-53D55C11AB28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{531DDF34-3FE3-4D70-9B95-B29B6C875F21}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{572837FB-44D4-4F6C-BB18-1CD1BF08972B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{58A585F7-364C-4117-B8B4-E91166F96FE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A897D99-4FF2-41B1-8615-4D315E655C97}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{652710B1-EEA4-4D86-99BD-A0E38301E6C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6BDFC2DB-A6CB-43C2-BDA9-18621A3C5A5D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{7112DB9A-BDD8-43C0-8FE9-3BDFFC5C8356}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7B2FB7B3-F335-4B4F-964B-E321950B9502}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{7F2D6032-3A15-4755-BCEB-E92C77674C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80019AC5-86B5-4BBB-A241-FEFDF045D707}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8C74C29D-9E4E-4F22-9CA3-7DB052E19499}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{938C3412-05CB-48D2-ACDB-8EBB07E5FBDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A67A5D45-2F07-4C54-A947-4B91FA1FD198}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{A709209F-996D-4462-8FCB-32DCA96A0B64}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C0204631-D7A2-4180-A5DC-6364603B931E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1A92059-E60A-41C2-BEBF-F550CA1898E5}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{F6728452-F859-4555-A308-72054AA6A2FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FADC4304-B719-4E68-90E7-801B9EEBB182}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{4B7C432F-0D6C-4441-8383-4F6C024959D6}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "TCP Query User{655711AD-5B70-446D-AA29-B5DC19ED405E}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{C9F01F6A-D046-49A2-A2FA-2D8DBBC635E8}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{6E17F823-582A-4812-B7B1-D1710DAABFFC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{7135A16E-D0E9-4CE6-BD6F-4B68BB7B57CB}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{DA8AA465-EB79-4360-97DF-3E76FF8AA7C5}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{28586B31-B1F6-412F-ADD4-7F3F6BD5CDD8}" = RTL Skispringen 2003 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D6C6D02-F201-42AA-B53B-7B5166B6705C}" = FIFA 12 DEMO "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "BullGuard" = BullGuard "CCleaner" = CCleaner "DX-Ball 2" = DX-Ball 2 "DX-Ball 2 ModPack" = DX-Ball 2 ModPack "DX-Ball 2 v1.2 Patch" = DX-Ball 2 v1.2 Patch "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Shrew Soft VPN Client" = Shrew Soft VPN Client "SynTPDeinstKey" = Synaptics Pointing Device Driver "TmNationsForever_is1" = TmNationsForever "TVWiz" = Intel(R) TV Wizard "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "X10Hardware" = X10 Hardware(TM) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.02.2012 11:22:41 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "SMSvcHost 4.0.0.0" (SMSvcHost 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 16.02.2012 11:22:41 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.02.2012 11:22:41 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.02.2012 11:22:41 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 22.02.2012 15:03:08 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 22.02.2012 15:03:08 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 22.02.2012 15:03:08 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 22.02.2012 15:47:55 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 22.02.2012 15:47:56 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 22.02.2012 15:47:56 | Computer Name = *****-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 14.06.2012 02:16:36 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 25.06.2012 12:48:21 | Computer Name = *****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?06.?2012 um 18:16:24 unerwartet heruntergefahren. Error - 03.07.2012 07:03:32 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error - 03.07.2012 07:03:32 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.07.2012 06:29:38 | Computer Name = *****-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 04.07.2012 06:46:31 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847 Error - 11.07.2012 09:07:18 | Computer Name = *****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?10.?07.?2012 um 16:16:39 unerwartet heruntergefahren. Error - 11.07.2012 15:59:05 | Computer Name = *****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?07.?2012 um 20:46:12 unerwartet heruntergefahren. Error - 16.07.2012 09:13:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error - 16.07.2012 09:13:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report >
Hallo Gonzo,
===== Punkt 1 =====
Einige Fragen
1. Sind Agnitum Firewall und Bitdefender noch installiert?
2. Ist SweetIM noch installiert?Code:DRV - [2012.06.20 10:39:45 | 000,033,920 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Afw.sys -- (AFW) DRV - [2012.06.20 10:39:38 | 000,339,584 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AfwCore.sys -- (afwcore) DRV - [2012.03.02 14:18:47 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos) DRV - [2010.07.08 15:59:58 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\profos.sys -- (Profos)
Code:FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" [2011.08.11 19:54:23 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\xiksrng1.default\searchplugins\sweetim.xml
===== Punkt 2 =====
Welche Java-Version ist installiert?
Kontrolliere über Systemsteuerung => Programme, welche Java-Version installiert ist.
Falls es nicht Java Version 7 Update 5 ist:
Eventuell vorhandene ältere Versionen von Java über Systemsteuerung => Programme deinstallieren und ggfs. auch im Firefox unter Addons => Erweiterungen die alten Java-Versionen entfernen.
Die Offline-Version von Java Version 7 Update 5 von Oracle findest Du hier. Achte bei der Installation darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.
User mit 64Bit-System sollten die 32Bit-Version installieren. Es hat sich mehrfach gezeigt, dass die 64Bit-Version Probleme bereitet.
Unter Systemsteuerung => Java => Aktualisierung einstellen:
Benachrichtigung ausgeben => Vor der Installation
Haken bei Automatisch nach Aktualisierung suchen machen und unter Erweitert auf "Wöchentlich" einstellen.
[°¿°] Ciao, Petra
Neu hier? Bitte abarbeiten! | Malware-Bereinigung | Forenregeln
Daten sichern! | Schulung | Kein Support per PN oder Mail! | Danke
also sweetim is auf jedenfall deinstalliert und die anderen 2 stehen auch nicht in der Programmliste....hab Java installiert...wie entferne ich das FirefoxAddOn? da steht nur deaktivieren
Hallo Gonzo1990,
die Präsenz Bitdefender- und Agnitum-Dateien haben sich geklärt. Bullguard basiert auf Bitdefender und benutzt auch Agnitum-Dateien
http://www.bullguard.com/support/faq...rd-basics.aspx
http://www.agnitum.com/news/Outpost-...lguard-CAT.phpBased on the award-winning BitDefender Antivirus technology, BullGuard Antivirus offers users one of the fastest response times to virus outbreaks in the industry.
Bullguard (www.bullguard.com) specializes in user-friendly PC and mobile security, and will integrate Agnitum's firewall engine into version 7 of the new Bullguard Internet Security Suite.
===== Punkt 1 =====
Fixen mit OTL
Hiermit fixen wir unnötige oder schädliche Einträge.
Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
- Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".- Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Sollten in den Logfiles Benutzernamen anonymisiert worden sein:
Daran denken, wieder den ursprünglichen Benutzernamen einzufügen!
Code::OTL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{529A0B83-F426-496A-9924-A51A204B7156}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms} IE - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKU\S-1-5-21-3327415910-757591632-3190808052-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O33 - MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\Shell - "" = AutoRun O33 - MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
- Schließe alle Programme ink. z. B. Verhaltensüberwachung von Antivirus-Programmen.
- Klicke auf den Fix Button.
- Wenn OTL einen Neustart verlangt, bitte zulassen.
- Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
[°¿°] Ciao, Petra
Neu hier? Bitte abarbeiten! | Malware-Bereinigung | Forenregeln
Daten sichern! | Schulung | Kein Support per PN oder Mail! | Danke
Code:All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{529A0B83-F426-496A-9924-A51A204B7156}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{529A0B83-F426-496A-9924-A51A204B7156}\ not found. Registry key HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. HKU\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_USERS\S-1-5-21-3327415910-757591632-3190808052-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c83dc37-32ea-11e1-b303-00262df85a9b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c83dc37-32ea-11e1-b303-00262df85a9b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c83dc37-32ea-11e1-b303-00262df85a9b}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801502bd-1d95-11e0-bb8d-00262df85a9b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801502bd-1d95-11e0-bb8d-00262df85a9b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801502bd-1d95-11e0-bb8d-00262df85a9b}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0b8b48-dcc8-11e0-a486-00262df85a9b}\ not found. File F:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d0b8b62-dcc8-11e0-a486-00262df85a9b}\ not found. File F:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9663f43-b586-11e0-b2ec-00262df85a9b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9663f43-b586-11e0-b2ec-00262df85a9b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9663f43-b586-11e0-b2ec-00262df85a9b}\ not found. File F:\LGAutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\setup_vmc_lite.exe /checkApplicationPresence not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\*****\Desktop\cmd.bat deleted successfully. C:\Users\*****\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: ***** ->Temp folder emptied: 1067324 bytes ->Temporary Internet Files folder emptied: 1379155 bytes ->Java cache emptied: 16675211 bytes ->FireFox cache emptied: 117582514 bytes ->Flash cache emptied: 1741 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6786 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 130,00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07172012_222041 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
Hallo Gonzo,
jetzt wäre es noch prima, zu wissen ob Dein eingangs geschildertes Problem mit den Youtube-Videos noch vorhanden ist.
Falls ja, kannst Du es evtl. eingrenzen, seit wann das vorhanden ist?
Seit wann benutzt Du die Antiviren-Lösung von Bullguard?
[°¿°] Ciao, Petra
Neu hier? Bitte abarbeiten! | Malware-Bereinigung | Forenregeln
Daten sichern! | Schulung | Kein Support per PN oder Mail! | Danke
Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)
Berechtigungen
