Pests of all kinds and their removal: Possible infection by the trojan Trojan:JS/Seedabutor.B (Windows 7)
#1
Possible infection by the trojan Trojan:JS/Seedabutor.B

Good evening,

I have probably caught a trojan. Microsoft Essentials recently reported that the trojan named above had been detected, but that I did not need to do anything. At first I thought it was related to the installation of a game, which I was doing at that moment. Afterwards I found that the problem occurs in connection with Internet Explorer; I only use it to play a single Flash game on meinvz.de. While researching I came across this forum and found the advice to check the computer with Malwarebytes first. It found nothing, but it stopped an unauthorized action to an IP address when I tried to use Internet Explorer. Another run (with both Essentials and Malwarebytes) turned up nothing. The attempt to open meinvz.de in my default browser was "successful" as well: here too Malwarebytes stopped an access, and "NoScript" additionally blocked parts of the Flash game with a message that a wrong or foreign site was about to be opened.

Attached are the text excerpts from OTL:

Code:
```text
OTL logfile created on: 18.03.2013 18:45:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 55,16% Memory free
14,00 Gb Paging File | 12,06 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): h:\pagefile.sys 10240 10240 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 46,30 Gb Free Space | 47,41% Space Free | Partition Type: NTFS
Drive D: | 100,01 Gb Total Space | 78,10 Gb Free Space | 78,09% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 33,51 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 18,47 Gb Free Space | 18,91% Space Free | Partition Type: NTFS
Drive H: | 104,06 Gb Total Space | 93,91 Gb Free Space | 90,25% Space Free | Partition Type: NTFS
Drive J: | 7,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHAOS-KISTE | User Name: Anti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.17 11:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe
PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.20 10:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 10:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 10:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.10.17 11:21:04 | 000,168,776 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTSS.exe
PRC - [2012.10.17 11:21:02 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2011.12.03 17:10:33 | 000,189,184 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.03.11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.03.11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.11.07 15:25:10 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2007.04.09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.14 07:17:31 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.10 19:07:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 19:06:39 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 22:04:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 22:04:30 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 22:04:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 22:04:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 22:04:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 22:04:22 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 22:04:20 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 22:04:15 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.10.17 11:21:04 | 000,168,776 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTSS.exe
MOD - [2012.10.17 11:21:02 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2012.06.30 05:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2012.06.30 05:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2012.06.30 05:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2012.06.30 05:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2012.06.30 05:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2012.06.05 08:23:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012.06.05 07:03:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTMUI.dll
MOD - [2012.06.05 07:02:42 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTUI.dll
MOD - [2012.06.05 07:02:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTFC.dll
MOD - [2011.05.01 07:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
MOD - [2011.05.01 07:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\Bundle\OSDServer\RTTSH.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.12 20:03:47 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 06:41:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.06.19 05:12:06 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.18 19:07:26 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2011.12.03 17:10:33 | 000,189,184 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.07 15:25:10 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 11:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.19 19:57:38 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.24 07:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007.04.10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007.04.10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007.04.10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007.04.10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007.04.10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007.04.10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007.04.10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007.04.10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007.04.10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.04.10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.04.10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.10.17 11:21:00 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2009.09.10 08:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.meinvz.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 4A C5 72 3A 59 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {900EEA37-B77F-404B-B225-D2EC298058DC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{57B5E9C0-DDCC-4FC0-9AAA-A99EFED6CEFC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{900EEA37-B77F-404B-B225-D2EC298058DC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20130206
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 06:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 19:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 06:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 19:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.17 13:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.06.11 18:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\Extensions
[2009.12.21 01:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.05 06:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\Firefox\Profiles\vtxa9re5.default\extensions
[2013.03.03 08:09:04 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Anti\AppData\Roaming\mozilla\Firefox\Profiles\vtxa9re5.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2013.01.31 15:45:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Anti\AppData\Roaming\mozilla\Firefox\Profiles\vtxa9re5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.14 18:35:19 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\browserprotect@browserprotect.com.xpi
[2013.02.23 10:59:45 | 002,345,043 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\nasanightlaunch@example.com.xpi
[2013.03.05 06:05:17 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 07:23:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.14 18:35:19 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.14 18:33:16 | 000,698,764 | ---- | M] () (No name found) -- C:\Users\Anti\AppData\Roaming\mozilla\firefox\profiles\vtxa9re5.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013.03.08 06:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 06:41:24 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.03.11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.03.11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.03.11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012.02.18 11:21:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 20:59:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
```
(Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7880B74D-1DFC-4B1E-9DFE-1EED515B6BDC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.08.03 16:57:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.11.02 00:38:02 | 000,000,058 | -H-- | M] () - J:\autorun.inf -- [ UDF ] O33 - MountPoints2\{0d8e9394-cb82-11de-b0ab-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0d8e9394-cb82-11de-b0ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\StarCraft II Setup.exe -- [2012.11.02 00:38:02 | 002,020,544 | ---- | M] (Blizzard Entertainment) O33 - MountPoints2\{e47033b3-edf8-11e1-b78f-001fc61eb744}\Shell - "" = AutoRun O33 - MountPoints2\{e47033b3-edf8-11e1-b78f-001fc61eb744}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" 
%* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.18 18:36:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe [2013.03.17 13:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.17 11:13:49 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Malwarebytes [2013.03.17 11:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.17 11:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.17 11:13:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.17 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.17 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Programs [2013.03.16 22:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.03.16 22:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.03.16 22:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2013.03.16 21:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.e95598d0.temp [2013.03.16 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.e7271c42.temp [2013.03.16 20:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.3a018b42.temp [2013.03.16 17:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.e6f2b040.temp [2013.03.16 17:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\StarCraft II.d48c6a9e.temp [2013.03.16 17:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.a0d452d4.temp [2013.03.16 16:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.3aaca235.temp [2013.03.16 16:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.temp [2013.03.16 16:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.03.09 15:31:09 | 000,000,000 | ---D | C] -- C:\Users\Anti\Desktop\div. Programme [2013.03.09 14:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.08 06:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.26 19:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.26 19:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.16 19:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.02.16 19:42:56 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\EA Core [2013.02.16 19:42:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2013.02.16 19:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2013.02.16 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.02.16 18:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.18 18:47:28 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 18:47:28 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 18:43:59 | 000,224,853 | ---- | M] () -- 
C:\Users\Anti\Desktop\reihenfolge.png [2013.03.18 18:39:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.18 18:39:50 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2013.03.18 18:38:00 | 000,000,020 | ---- | M] () -- C:\Users\Anti\defogger_reenable [2013.03.18 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.17 14:59:39 | 000,488,819 | ---- | M] () -- C:\Users\Anti\Desktop\Malwarezugriff.png [2013.03.17 14:12:07 | 013,786,977 | ---- | M] () -- C:\Users\Anti\Desktop\mbar-1.01.0.1021.zip [2013.03.17 11:40:01 | 000,377,856 | ---- | M] () -- C:\Users\Anti\Desktop\gmer_2.1.19155.exe [2013.03.17 11:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe [2013.03.17 11:38:53 | 000,050,477 | ---- | M] () -- C:\Users\Anti\Desktop\Defogger.exe [2013.03.16 22:01:06 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2013.03.16 21:32:56 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk.temp [2013.03.16 14:15:12 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000002-00001102-00000008-10211102}.rfx [2013.03.16 14:15:12 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000002-00001102-00000008-10211102}.rfx [2013.03.16 14:15:12 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000008-00000000-00000002-00001102-00000008-10211102}.rfx [2013.03.16 14:15:12 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000008-00000000-00000002-00001102-00000008-10211102}.rfx [2013.03.16 14:15:12 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000002-00001102-00000008-10211102}.rfx [2013.03.14 06:37:55 | 004,958,588 | ---- | M] () -- C:\Windows\{00000008-00000000-00000002-00001102-00000008-10211102}.CDF [2013.03.09 10:31:59 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013.03.06 
18:11:16 | 001,642,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.06 18:11:16 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.06 18:11:16 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.06 18:11:16 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.06 18:11:16 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.19 22:44:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.18 18:43:59 | 000,224,853 | ---- | C] () -- C:\Users\Anti\Desktop\reihenfolge.png [2013.03.18 18:38:00 | 000,000,020 | ---- | C] () -- C:\Users\Anti\defogger_reenable [2013.03.18 18:36:36 | 013,786,977 | ---- | C] () -- C:\Users\Anti\Desktop\mbar-1.01.0.1021.zip [2013.03.18 18:36:35 | 000,377,856 | ---- | C] () -- C:\Users\Anti\Desktop\gmer_2.1.19155.exe [2013.03.18 18:36:35 | 000,050,477 | ---- | C] () -- C:\Users\Anti\Desktop\Defogger.exe [2013.03.17 14:59:39 | 000,488,819 | ---- | C] () -- C:\Users\Anti\Desktop\Malwarezugriff.png [2013.03.16 22:01:04 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2013.03.16 21:32:56 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk.temp [2013.03.09 10:31:59 | 000,000,641 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013.03.08 19:24:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- 
C:\Windows\SysWow64\cis-2.4.dll [2012.06.20 17:17:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.06.15 19:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.10 22:27:55 | 000,000,412 | ---- | C] () -- C:\Users\Anti\AppData\Roaming\All CPU Meter_Settings.ini [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.11.07 19:05:35 | 000,007,605 | ---- | C] () -- C:\Users\Anti\AppData\Local\Resmon.ResmonCfg [2009.11.07 16:26:30 | 000,000,092 | ---- | C] () -- C:\Users\Anti\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.07.16 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Bioshock2 [2010.10.02 08:18:53 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\BITS [2012.06.11 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\DAEMON Tools Lite [2009.12.06 14:07:59 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\GetRightToGo [2012.12.06 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\ICAClient [2010.07.07 18:36:20 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Leadertech [2012.12.23 15:08:57 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.06.20 13:56:29 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Nokia [2010.06.20 14:06:56 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\PC Suite [2011.04.16 07:29:30 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\runic games [2012.10.15 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Samsung [2012.08.12 13:44:34 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\TeamViewer 
[2009.12.21 01:08:11 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Thunderbird
[2013.03.09 10:30:57 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\TS3Client
[2009.11.07 16:30:19 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\Turbine
[2011.06.18 13:17:26 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\wargaming.net
[2011.05.12 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\Anti\AppData\Roaming\XRay Engine

========== Purity Check ==========

< End of report >
Code:
OTL Extras logfile created on: 18.03.2013 18:45:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 55,16% Memory free
14,00 Gb Paging File | 12,06 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): h:\pagefile.sys 10240 10240 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 46,30 Gb Free Space | 47,41% Space Free | Partition Type: NTFS
Drive D: | 100,01 Gb Total Space | 78,10 Gb Free Space | 78,09% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 33,51 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 18,47 Gb Free Space | 18,91% Space Free | Partition Type: NTFS
Drive H: | 104,06 Gb Total Space | 93,91 Gb Free Space | 90,25% Space Free | Partition Type: NTFS
Drive J: | 7,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHAOS-KISTE | User Name: Anti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) 
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 "C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx "C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe" = 
C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 "C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09839E28-ABC0-4EA5-84A6-C580F3D27107}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{15E38D09-512D-4451-85EE-1643B616963F}" = lport=58912 | protocol=17 | dir=in | name=pando media booster | "{2926B42D-DBB0-4AE9-9978-A99D94299ACE}" = lport=58912 | protocol=6 | dir=in | name=pando media booster | "{432EA76B-4942-4674-9B0F-4FBBCB43C9F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5499EFEB-2D3B-45B6-9A52-A6675273982B}" = lport=40980 | protocol=6 | dir=in | name=test authoring and execution framework service | "{5E7CDEBC-27D6-4A3B-AFB4-F8525D82073B}" = lport=445 | protocol=6 | dir=in | app=system | "{6098B9E1-CFA0-4913-B701-8BDDB0ECA4E8}" = rport=445 | protocol=6 | dir=out | app=system | "{6739CEF6-3B16-4347-AE82-CD15EE3D8831}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9716D1F8-70E4-4DC1-B8BD-647AC15F8628}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9A7B5E8D-8385-44AA-9E66-831CE332A3E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9B4FE28D-283B-4A53-A8FC-86D381829E54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A5311E5B-AF0F-4032-920E-89D800200892}" = lport=139 | 
protocol=6 | dir=in | app=system | "{A5634912-DC51-49B9-9675-2B8025D224BA}" = lport=58912 | protocol=17 | dir=in | name=pando media booster | "{BB4EAE86-5B7C-4EDC-9215-0FE484A7E5F3}" = lport=58912 | protocol=6 | dir=in | name=pando media booster | "{BBC3905F-11E1-42DB-987A-B1117B46A7D5}" = rport=139 | protocol=6 | dir=out | app=system | "{CF10ABEB-752B-4F50-80FA-F8B50743CB63}" = lport=2869 | protocol=6 | dir=in | app=system | "{D262D3E9-5914-469F-994E-7A8892F09F42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D825D0DF-D942-4E2B-B030-132318ECE4DF}" = lport=137 | protocol=17 | dir=in | app=system | "{DC5A2D6E-65F9-4600-BDEF-07F8E700AA6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD5D4EA8-55BD-4746-A18A-2A2AE5702B0E}" = lport=rpc-epmap | protocol=6 | dir=in | name=test authoring and execution framework service (rpc endpoint mapper) | "{E690912F-1279-4008-A697-ABE0D527FE82}" = lport=138 | protocol=17 | dir=in | app=system | "{E80E45A4-E645-4FC9-914D-6A7C7938F4DB}" = rport=138 | protocol=17 | dir=out | app=system | "{E8AA8E93-48C4-461D-9802-40745A1FB09A}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02DDB7DD-176F-46E0-8896-1E813AC823E1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0C3B484D-AF1C-4960-BC5F-D8E1C9D5B29A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{0CB8A718-33E9-41DE-99CD-48543C1EF520}" = protocol=6 | dir=in | app=f:\spiele-7\hdr-schlacht um mittelerde\game.dat | "{15D02AC0-838B-402D-911A-7E5678B592D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.exe | "{1D73AC2D-0F48-4128-88EE-F8478809F61D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1FC1CFE2-7E11-4E94-A1B8-FF850D84B69C}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{2038EBA0-27F8-41E0-A494-F9AAC7D7F159}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2D32ECB0-DFD4-4D03-968D-5D11E85195DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{2DE03716-68A2-44EA-919F-65A3429D6A27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DE522A4-9FEE-4837-9CA5-2AF98C87009E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{2E486553-B2EA-4CD0-A4B0-66794C0A66EB}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{2EA54C13-3CA1-420F-A6A9-26E6527BA57C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2FBBB557-F1CE-47F2-9C47-9D036CE59234}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{384D9010-4A0F-4E73-BA4B-67D0CA8FAADF}" = protocol=17 | dir=in | app=f:\spiele-7\mass effect 2\masseffect2launcher.exe | 
"{38A55526-A768-4556-B563-B2E815C88C4A}" = protocol=17 | dir=in | app=f:\spiele-7\starcraft ii\starcraft ii public test.exe | 
"{3925B5C4-71F7-43D5-A690-08162B9996BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3C56E207-E997-4375-A152-494B470C64ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41A26827-FEDE-43DD-BC84-55A12BF53B82}" = protocol=17 | dir=in | app=f:\spiele-7\mass effect 2\binaries\masseffect2.exe | 
"{448E043E-D23D-4B73-A4F3-9B98023DE740}" = protocol=6 | dir=in | app=f:\spiele-7\mass effect 2\binaries\masseffect2.exe | 
"{47C9EC04-093A-4736-A9C0-60E9F42610CD}" = protocol=6 | dir=in | app=f:\spiele-7\wot\worldoftanks.exe | 
"{4A5A06CB-BBE5-4F0F-B0E1-4715E261D28E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D5C5E87-59F9-4315-AAFE-F08FC3A72662}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{50A12E94-5577-4639-BA34-EB721A16295C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5196814F-E8A8-4DBB-8683-F9E5C6988B7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{57622651-0FDD-4D3A-85ED-010AB86BCDEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{597BCAD2-F66D-45D5-ACE2-3FC044C9C54A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BF61A3A-219F-4D81-BA49-B9A2662CB8FB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C846A4F-0183-4F6D-A687-5A9132962638}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{5CA36A3F-5B8B-474C-BECC-80049F660408}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5EFC2240-DDF4-487D-A3C1-4DFB17FA5423}" = protocol=17 | dir=in | app=f:\spiele-7\wot\wotlauncher.exe | 
"{62C54429-4C55-4309-991A-FE9C16A31FD2}" = protocol=6 | dir=in | app=f:\spiele-7\wot\wotlauncher.exe | 
"{66F17F62-E3EF-41ED-B687-E7DC646575EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{67275120-00BF-4C5B-AFE7-1CD9F3810AE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6ED489B5-737C-4FE8-8680-AC1C0459CD47}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{73E14F3D-2241-4B49-A5F9-94B22BFA0916}" = protocol=6 | dir=in | app=f:\spiele-7\mass effect 2\masseffect2launcher.exe | 
"{74C3096E-7161-4125-BF45-14F983FCEA81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{794E24B4-D7F2-445B-9E08-D25187B3E2A5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{79DAAD6E-60FA-46D7-9119-B6FC5D1D15DA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7A0AF599-A862-452B-B489-11D09CC72EC5}" = protocol=17 | dir=in | app=f:\spiele-7\hdr-schlacht um mittelerde\game.dat | 
"{7B0EA50E-63C2-4B1B-925C-DBEF47AB2F14}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{7B4B93FF-1CE7-4848-B361-B57E9E43E8A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{81E39794-2740-4C72-8509-568D10FDF616}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{84940352-FED9-40FD-BAAC-E6F741BB790F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{86D14627-41EF-407E-814D-89F27C7E96B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8A886395-C3DC-4201-BC97-5F1631E5D1E1}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{98BBEA95-315C-448B-9673-493860E5CF54}" = protocol=17 | dir=in | app=f:\spiele-7\diablo3\diablo iii\diablo iii.exe | 
"{9C92E0D0-6CAC-48AC-B777-3A67C1FBA851}" = protocol=6 | dir=in | app=f:\spiele-7\starcraft ii\starcraft ii public test.exe | 
"{9D3F2E67-9FD5-4C68-8492-E25B9AB4CC5D}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{9DD56909-39FD-43F9-B5C1-E70D72824AF9}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{A09D62C8-D5DB-42D2-91FD-37E58F4CBEE2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A30206A4-22AA-4916-9636-9A33E31102CB}" = protocol=17 | dir=in | app=f:\spiele-7\starcraft ii\starcraft ii.exe | 
"{A38A8801-8823-491F-9760-6FFFBCACD04E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A559BE55-7CE4-4942-92EC-64BF018784D5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6245B2A-4DED-4BC9-97CB-B8C50506F325}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{A8E074B9-C532-4E58-869F-AAB8DA9675B6}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{A96AB6BC-47CB-4865-8A2B-AFE7D62CB8B7}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B167FF0A-3F5F-4E8A-9442-37DC3E61A786}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B1939052-93B9-4E06-A371-39B0ABAE660A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{B2BCC57F-16C7-4138-9DC2-B9405667E633}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B56C7ED0-D1E3-4CF0-B575-8B9E588964C0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B67D324F-10AD-4AEE-8839-23857FEE59FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.exe | 
"{BC3F7C99-CAB1-406E-B646-2924CF16CBBA}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{C2A97B82-A585-44EE-9EF1-69E973F8F656}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{C2F907CB-F01E-4D95-9093-9FF7234C2AB9}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{CC08C57E-939A-441B-A2C4-17F4AD5013C5}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{D7F8167B-E09E-46CD-A36F-D3B95C0D700F}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{D88A52D6-70AE-45B9-A998-AA3C75B4E962}" = protocol=17 | dir=in | app=f:\spiele-7\wot\worldoftanks.exe | 
"{DB678A6D-AD39-4A16-B6B0-C59C117F5055}" = protocol=17 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{E01019EC-744D-4D82-A263-F32E77C80A7F}" = protocol=6 | dir=in | app=f:\spiele-7\diablo3\diablo iii\diablo iii.exe | 
"{E0A7976A-F99F-421E-B320-FC8C8E151183}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EEA311B4-FAA8-4B13-91D7-376BDFBB5EEB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F4DADB3C-C2F5-4471-A223-7ED34872928E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F64FC89F-47D0-4AF9-80B5-4FAB9A80DB24}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F950C5D7-1D3E-44D7-8922-4462B0E4DAB9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FA55BA45-5DB4-45E5-8B22-7250A7F3F041}" = protocol=6 | dir=in | app=f:\spiele\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{FC325BDA-78AC-4DD4-A257-F8CDEEEF529F}" = protocol=6 | dir=in | app=f:\spiele-7\starcraft ii\starcraft ii.exe | 
"TCP Query User{13C32560-1425-4969-B6AD-EF9816AB61AF}F:\spiele-7\hdr-schlacht um mittelerde\patchget.dat" = protocol=6 | dir=in | app=f:\spiele-7\hdr-schlacht um mittelerde\patchget.dat | 
"TCP Query User{15450AE5-9AA0-4F1A-B837-8ADF655448B4}F:\spiele-7\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\spiele-7\guild wars 2\gw2.exe | 
"TCP Query User{6CFDB880-D270-4167-8806-5FE84AF66AAD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{9C7DDDFC-CF25-43DB-9666-45DD1F04AA1B}F:\spiele-7\lotro\lotroclient.exe" = protocol=6 | dir=in | app=f:\spiele-7\lotro\lotroclient.exe | 
"TCP Query User{A5E768D8-1514-4596-ABD4-910588E4900E}F:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=f:\spiele\steam\steam.exe | 
"TCP Query User{CC505C34-D773-478D-87CB-D9209D2A6907}F:\spiele-7\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=f:\spiele-7\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{CCBDA70B-0F7D-4BE2-BCB0-F0B9382AA2AF}F:\spiele-7\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=f:\spiele-7\mass effect 2\binaries\eacoreserver.exe | 
"UDP Query User{2A7F565A-B4CA-4785-9DF3-5394D652C6B3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8738BDA9-F7E6-4F71-B745-A7B92124EB2E}F:\spiele-7\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=f:\spiele-7\mass effect 2\binaries\eacoreserver.exe | 
"UDP Query User{9FB92513-373A-452E-B7BF-AC4F26AA5699}F:\spiele-7\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=f:\spiele-7\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{DD2097BB-F408-44A4-A1B0-3F161B337989}F:\spiele-7\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\spiele-7\guild wars 2\gw2.exe | 
"UDP Query User{E6BE6D34-A68D-476E-92A1-FDB0C6A1B537}F:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=f:\spiele\steam\steam.exe | 
"UDP Query User{E82EA5AB-340E-4D48-ABDE-E0C8B4019D34}F:\spiele-7\hdr-schlacht um mittelerde\patchget.dat" = protocol=17 | dir=in | app=f:\spiele-7\hdr-schlacht um mittelerde\patchget.dat | 
"UDP Query User{F6807266-FBD5-4F4B-BD03-71974F569FC6}F:\spiele-7\lotro\lotroclient.exe" = protocol=17 | dir=in | app=f:\spiele-7\lotro\lotroclient.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SP6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix Online Plug-in (Web)
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3ff842b6-4ab0-4291-8ebf-0a26b3701b04}" = Windows Driver Kit
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60D66D9B-760B-4006-9443-08960A811D4C}" = Windows Driver Frameworks Update Packages
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA2AF51-EE25-BB21-9106-FF69FC83DDB7}" = Kits Configuration Installer
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix Online Plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix Online Plug-in (DV)
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D1C1F497-452C-89D8-EE26-014184714B78}" = Windows Driver Kit
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix Online Plug-in (HDX)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.05.01.8027
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Diablo III" = Diablo III
"EA Installer.-2062380449" = EA Installer
"Fraps" = Fraps
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrecisionX" = EVGA Precision X 3.0.4
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218" = Source SDK Base 2007
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 8" = TeamViewer 8
"Winamp" = Winamp
"WinRAR archiver" = WinRAR Archivierer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.03.2013 01:23:52 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133, Zeitstempel: 0x4d88ec8b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038dc9
ID des fehlerhaften Prozesses: 0x6c44
Startzeit der fehlerhaften Anwendung: 0x01ce1af3e82e1ca6
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 329e8adf-86e7-11e2-8594-001fc61eb744

Error - 07.03.2013 14:16:08 | Computer Name = Chaos-Kiste | Source = Application Hang | ID = 1002
Description = Programm WorldOfTanks.exe, Version 0.8.4.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d24
Startzeit: 01ce1b5f83909598
Endzeit: 96
Anwendungspfad: F:\Spiele-7\World_of_Tanks\WorldOfTanks.exe
Berichts-ID:

Error - 08.03.2013 14:22:41 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3
Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00172818
ID des fehlerhaften Prozesses: 0x2b48
Startzeit der fehlerhaften Anwendung: 0x01ce1c29d52e8977
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: 29439745-881d-11e2-b42a-001fc61eb744

Error - 11.03.2013 01:16:05 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lcdmon.exe, Version: 3.6.109.0, Zeitstempel: 0x4c58421d
Name des fehlerhaften Moduls: lcdmon.exe, Version: 3.6.109.0, Zeitstempel: 0x4c58421d
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000009f674
ID des fehlerhaften Prozesses: 0xbb0
Startzeit der fehlerhaften Anwendung: 0x01ce1d6775f12fe7
Pfad der fehlerhaften Anwendung: C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
Berichtskennung: c568f5d2-8a0a-11e2-86a8-001fc61eb744

Error - 11.03.2013 01:44:29 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3
Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00172818
ID des fehlerhaften Prozesses: 0xac4
Startzeit der fehlerhaften Anwendung: 0x01ce1e177361144c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: bd2d1dab-8a0e-11e2-86a8-001fc61eb744

Error - 12.03.2013 16:50:46 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3
Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00172818
ID des fehlerhaften Prozesses: 0x654c
Startzeit der fehlerhaften Anwendung: 0x01ce1f5ea104099e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: 82daa783-8b56-11e2-86a8-001fc61eb744

Error - 14.03.2013 01:40:33 | Computer Name = Chaos-Kiste | Source = Windows Search Service | ID = 3007
Description =

Error - 16.03.2013 11:38:39 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3
Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00172818
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0x01ce225b7e298738
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: 925ae5d7-8e4f-11e2-ba6e-001fc61eb744

Error - 16.03.2013 16:14:37 | Computer Name = Chaos-Kiste | Source = Application Hang | ID = 1002
Description = Programm fraps.exe, Version 3.5.9.15587 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 838
Startzeit: 01ce225b0eac4df0
Endzeit: 90
Anwendungspfad: C:\Fraps\fraps.exe
Berichts-ID:

Error - 18.03.2013 12:43:53 | Computer Name = Chaos-Kiste | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LCDMon.exe, Version: 3.6.109.0, Zeitstempel: 0x4c58421d
Name des fehlerhaften Moduls: LCDMon.exe, Version: 3.6.109.0, Zeitstempel: 0x4c58421d
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000009f674
ID des fehlerhaften Prozesses: 0xf5c
Startzeit der fehlerhaften Anwendung: 0x01ce23293ea5558c
Pfad der fehlerhaften Anwendung: C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
Berichtskennung: 0453c2e1-8feb-11e2-b3ff-001fc61eb744

[ System Events ]
Error - 16.03.2013 11:29:36 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 08:40:29 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 08:40:35 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 11:54:52 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 11:55:12 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 11:55:14 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MsMpSvc erreicht.

Error - 17.03.2013 12:04:53 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 17.03.2013 12:04:56 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 18.03.2013 13:40:05 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 18.03.2013 13:40:09 | Computer Name = Chaos-Kiste | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-18 19:38:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD753LJ rev.1AA01118 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Anti\AppData\Local\Temp\fwriipog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072831a22 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072831ad0 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072831b08 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072831bba 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072831bda 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072831a22 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072831ad0 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072831b08 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072831bba 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072831bda 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3284] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077a1000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3284] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077a9f85a 5 bytes JMP 0000000177a4d571
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [472:1732] 000007fef63f0ea8
Thread C:\Windows\system32\svchost.exe [472:1836] 000007fef63e9db0
Thread C:\Windows\system32\svchost.exe [472:2564] 000007fef63f1c94
Thread C:\Windows\system32\svchost.exe [472:944] 000007fef63eaa10
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1792:5116] 000007fefc2a2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1792:5188] 000007fef6cf5124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x9D 0x5B 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0xAE 0xC3 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x89 0xC3 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x9D 0x5B 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0xAE 0xC3 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x89 0xC3 0x9E ...

---- EOF - GMER 2.1 ----

Many thanks in advance!
Topics on possible infection by the Trojan: Trojan:JS/Seedabutor.B
7-zip, black, cpu-z, explorer, firefox, flash player, hang, install.exe, installation, js/seedabutor.b, launch, microsoft essentials, mozilla, ntdll.dll, object, office 2007, pando media booster, plug-in, problem, check, registry, rundll, scan, security, send, software, svchost.exe, teamspeak, trojan:js/seedabutor.b, trojan, windows
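Added example, not part of the original post and not a feature of GMER: a small Python triage script for the "User code sections" part of a GMER 2.x log like the one posted above. It parses the `.text` lines, groups byte-identical patches by (module, export, offset, address, patch bytes) and reports which patches recur in several unrelated processes and which appear in exactly one process, listing decoded `JMP` hooks separately. The split into "shared" and "unique" is a triage heuristic assumed by this example (a byte-identical patch at the same address in many processes is more likely a property of a shared DLL or a common hooking product; a one-off patch or a JMP to another address is what a helper would look at first), not a statement GMER or the original poster makes. The sample input is a subset of the `.text` lines from the log above, with the `.text ... * 2` elision marker kept in on purpose to show that it is counted as skipped rather than misparsed.

```python
"""Triage helper for the 'User code sections' block of a GMER 2.x log.

Added example; the shared/unique split is this script's own heuristic,
not something GMER reports.
"""
import re
from collections import defaultdict
from ntpath import basename  # ntpath splits backslash paths on any host OS

# Sample input: a subset of the .text lines from the posted log, plus the
# ".text ... * 2" marker GMER prints when it elides repeated entries.
SAMPLE_LOG = r"""
.text C:\Windows\SysWOW64\PnkBstrA.exe[368] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072831a22 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072831a22 2 bytes [83, 72]
.text C:\Windows\SysWOW64\PnkBstrB.exe[1944] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3284] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077a1000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3284] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077a9f85a 5 bytes JMP 0000000177a4d571
.text ... * 2
"""

# One GMER ".text" line: process[pid] module!export [+ offset] address N byte(s) patch
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"   # hooked process and PID
    r"(?P<mod>.+?)!(?P<func>\S+)"                   # module!export
    r"(?:\s+\+\s+(?P<off>\d+))?\s+"                 # optional byte offset into the export
    r"(?P<addr>[0-9A-Fa-f]{16})\s+"                 # patched address (x64 log: 16 hex digits)
    r"(?P<size>\d+)\s+bytes?\s+"                    # patch length
    r"(?P<patch>.+?)\s*$"                           # raw bytes "[83, 72]" or decoded "JMP <target>"
)


def parse_text_lines(log):
    """Return (hooks, skipped): parsed .text entries and the lines that did not parse."""
    hooks, skipped = [], []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(".text"):
            continue
        m = TEXT_RE.match(line)
        if not m:
            skipped.append(line)  # e.g. the ".text ... * 2" elision marker
            continue
        d = m.groupdict()
        hooks.append({
            "proc": basename(d["proc"]).lower(),
            "pid": int(d["pid"]),
            "mod": basename(d["mod"]).lower(),  # psapi.dll and PSAPI.DLL are the same module
            "func": d["func"],
            "off": int(d["off"] or 0),
            "addr": int(d["addr"], 16),
            "size": int(d["size"]),
            "patch": d["patch"],
            "kind": "jmp" if d["patch"].upper().startswith("JMP") else "bytes",
        })
    return hooks, skipped


def summarize(log):
    """Group identical patches across processes (heuristic triage, see module docstring)."""
    hooks, skipped = parse_text_lines(log)
    groups = defaultdict(set)
    for h in hooks:
        groups[(h["mod"], h["func"], h["off"], h["addr"], h["patch"])].add(h["proc"])
    shared, unique = [], []
    for (mod, func, off, addr, patch), procs in groups.items():
        entry = {"mod": mod, "func": func, "off": off, "addr": f"{addr:016x}",
                 "patch": patch, "procs": sorted(procs)}
        (shared if len(procs) > 1 else unique).append(entry)
    shared.sort(key=lambda e: (-len(e["procs"]), e["mod"], e["func"], e["off"]))
    unique.sort(key=lambda e: (e["mod"], e["func"], e["off"]))
    # Decoded JMPs are listed on their own: they redirect control flow, so the target matters.
    jmps = [{"proc": h["proc"], "func": h["func"],
             "target": f"{int(h['patch'].split()[1], 16):016x}"}
            for h in hooks if h["kind"] == "jmp"]
    return {"shared": shared, "unique": unique, "jmps": jmps, "skipped": len(skipped)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Patches seen in more than one process:")
    for e in report["shared"]:
        print(f"  {e['mod']}!{e['func']}+{e['off']} @ {e['addr']} {e['patch']}  <- {', '.join(e['procs'])}")
    print("Patches seen in exactly one process:")
    for e in report["unique"]:
        print(f"  {e['mod']}!{e['func']}+{e['off']} @ {e['addr']} {e['patch']}  <- {e['procs'][0]}")
    print("Decoded JMP hooks:")
    for j in report["jmps"]:
        print(f"  {j['proc']}: {j['func']} -> {j['target']}")
    print(f"Unparsed .text lines (elision markers etc.): {report['skipped']}")
```

Feed it the full log instead of `SAMPLE_LOG` to get the grouping for all processes; the script only reads the `.text` section, so the `Thread` and `Reg` lines pass through untouched.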