
Log analysis and evaluation: F:\RECYCLER\e621ca05.exe


 
24.03.2013, 13:34   #1
Blacklaiser



Hello

Since yesterday evening I have had a problem with my external hard drive: all
folders are displayed as shortcuts.

When I click on one of them, a window appears that says
"F:\RECYCLER\e621ca05.exe" could not be found. Make sure that you have entered the name correctly and repeat the process.

I should add that my AntiVir gave an alert yesterday for
Worm/Dorkbot.A.2985, which I then had it remove.

I have also already created the logs with OTL/GMER

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 13:14:16
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SI rev.1AG01118 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\basti\AppData\Local\Temp\awloqpow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777f1465 2 bytes [7F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777f14bb 2 bytes [7F, 77]
.text ... * 2

---- EOF - GMER 2.1 ----

OTL
OTL logfile created on: 24.03.2013 12:39:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,62% Memory free
16,00 Gb Paging File | 13,68 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 774,50 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 709,71 Gb Free Space | 76,19% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.24 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\basti\Downloads\OTL.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.12 22:00:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 22:00:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.12 22:00:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 22:00:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.12.23 10:58:44 | 002,259,568 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.13 18:50:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.12 22:00:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 22:00:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.12 22:00:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=hp&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 7A B6 02 62 09 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B2E1175-4E0B-46B1-A7D9-F477E60F2122}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=be8393d0-34dd-4927-9451-fe0c977105a7&apn_sauid=B64D5FB6-00F2-48C2-AC9F-5A8A17954E73
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2ADC8C-3CCF-4D36-B4BD-CADDCD830F7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f9b893fc-7551-11e2-8260-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b893fc-7551-11e2-8260-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.23 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Roaming\Malwarebytes
[2013.03.23 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.23 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.23 12:30:56 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Programs
[2013.03.21 01:16:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.21 01:16:15 | 000,000,000 | ---D | C] -- C:\cb05257f374522336446e9bd
[2013.03.18 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Microsoft_Corporation
[2013.03.10 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\SKIDROW
[2013.03.08 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\EA Games
[2013.03.08 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\EA Games
[2013.03.04 06:57:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Skyrim
[2013.03.03 22:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.03.03 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Diagnostics
[2013.03.03 20:38:38 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\My Games
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.03.03 05:25:31 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\Criterion Games
[2013.02.24 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\TeknoGods
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.24 12:37:25 | 000,000,000 | ---- | M] () -- C:\Users\basti\defogger_reenable
[2013.03.24 12:36:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job
[2013.03.24 12:09:59 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:09:59 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:08:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.24 12:08:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.24 12:08:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.24 12:08:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.24 12:08:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.24 12:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 12:02:23 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 00:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 13:33:14 | 000,000,000 | -H-- | M] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.14 21:40:08 | 000,002,372 | ---- | M] () -- C:\Users\basti\Desktop\Google Chrome.lnk
[2013.03.13 17:03:58 | 000,000,165 | ---- | M] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.08 10:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job
[2013.03.03 22:21:42 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:37 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.24 12:37:25 | 000,000,000 | ---- | C] () -- C:\Users\basti\defogger_reenable
[2013.03.18 13:33:14 | 000,000,000 | -H-- | C] () -- C:\Users\basti\Documents\Default.rdp
[2013.03.13 17:03:57 | 000,000,165 | ---- | C] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls
[2013.03.03 22:21:42 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.03.03 19:35:36 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.13 17:36:29 | 000,000,017 | ---- | C] () -- C:\Users\basti\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.01 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\.minecraft
[2013.02.13 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\OpenCandy

========== Purity Check ==========



< End of report >

Extras
OTL Extras logfile created on: 24.03.2013 12:39:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,62% Memory free
16,00 Gb Paging File | 13,68 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 774,50 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 709,71 Gb Free Space | 76,19% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046041BF-6189-49C0-A122-1951050A9350}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0CB99028-99B9-48A5-A258-C91E41F02359}" = rport=10243 | protocol=6 | dir=out | app=system |
"{17190016-7837-467A-9B45-2E3695BAC63F}" = lport=445 | protocol=6 | dir=in | app=system |
"{254ED800-1AE5-4ED6-BB33-FEBA652D5EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{309D4A84-A3D0-4F9B-8641-D498EE4DC94D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{315A1CCA-2561-4BDC-9A61-2403502EA240}" = rport=445 | protocol=6 | dir=out | app=system |
"{4249BBBB-ABD5-4E66-A3C8-DE3238449046}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DB3E68D-5377-4682-9452-6B9A5AEDC9DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{65ACCD6C-27C6-474E-9ABA-5E0C999808CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{75F8A28E-32B5-498F-90AB-020C38172BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{913221AB-7CCF-43D7-9BF5-2E6A750DCF84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93D895B6-6015-415A-9E73-9965110E8966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{993B658F-957F-4264-8BED-C72C7924746D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E7616E0-4C42-4266-9492-8B019DE53051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A0008364-532F-4A51-891B-00897C8DEAD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5972BC3-A401-44A1-B16F-43A72877E084}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9AD5EB0-316E-46DB-8235-8F2B27027FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BBE053A5-069E-43F0-B331-722B951E303B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C445E835-832E-4A4A-98AC-CA862ED15FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC28F4C1-16B1-4182-929B-47E0F9D0FA2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E41C9F8C-E2F6-4EDC-A0B5-17249218761E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F096F259-9EBA-41DD-9E09-47364992C98C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F56682DA-8078-4D16-BE63-C8E87DFD7E52}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E3A335-E89E-4E6B-98EC-B1AD758BA9D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{077BB950-5095-4DD0-9673-7A9696415A60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B3EA404-C2A0-4D6E-BC90-BC29161395E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1443C81B-37F4-4882-8F46-5E311C71DE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{20EE0F13-E7DF-4D06-89B1-4E1EE4CB3BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22AD454C-3A8D-4891-9B25-7E76AF146B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2B62394D-19B8-43B3-93C8-E73A8303AC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39F8D502-0EB0-4D15-8800-0E8D04C64A75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D8A0EE5-C3A2-4132-A571-9D5E1FC001A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4654928D-DBBD-44ED-B838-4CC15BD22938}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AC9509B-BF3C-42A7-A826-F3AD04FD7BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{579D169A-500B-480E-B65D-02F06101E6C2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{5A4398AD-0836-4D73-99FE-73BB6338889A}" = protocol=58 | dir=in | app=system |
"{5EA5E196-2097-44CA-B7FA-DC4FDDA82F30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FF1B221-31B5-4230-B3BD-99D2A61320EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82A30414-EB7E-46A8-A356-0567FDDDF826}" = protocol=6 | dir=out | app=system |
"{8506E774-041E-484C-90AF-35FD603DF1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{950C6B7D-EE5E-46EF-A934-4EA86AA30AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99F6D0C6-A5F0-40EA-A701-8607E8522686}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C4BA0BE-E823-4872-BD35-8DE2BEEEB15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A7F313FE-0A46-469A-933F-223CCDF10358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBCB20B5-772D-48A1-9D58-D42CC8A19C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E423B589-DB6B-42F2-B3B0-D0178607AE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1FC07E5-E83E-4A3F-A595-7FBDCE2280A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F78857FD-670D-4BA3-A311-70FF04C3634D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC7E7C69-9CC0-4A16-8C73-FB116519B9D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{18861116-2515-4D7C-BEB4-B01C1CCA9A4B}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{3D03630A-5B4F-4A9E-8B4D-6AE4A807F54F}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe |
"TCP Query User{43D016D6-33A9-408B-BBDB-64BA4BBDA3E3}F:\spiele1\empire earth\empire earth.exe" = protocol=6 | dir=in | app=f:\spiele1\empire earth\empire earth.exe |
"TCP Query User{4C880C81-2AD1-4699-B093-A23C11A0575D}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe |
"TCP Query User{509B228D-C967-414A-B9A0-10595BBEA68F}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin |
"TCP Query User{5E48E488-6B58-400B-A25C-2FFDD5101BB9}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"TCP Query User{606A895A-F030-4CE6-90D5-170DB3B5D20E}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe |
"TCP Query User{823B1FE6-92F1-4C2A-8554-696ECCF95EE5}F:\metin2\metin2client.bin" = protocol=6 | dir=in | app=f:\metin2\metin2client.bin |
"TCP Query User{9579B278-E932-4443-9A93-0EC6FF717AA9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{9EE1A822-EF67-4B7A-B080-0D26F9F7DA75}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{6AE8803C-8E99-4C6C-A854-5A4F956D0D4B}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe |
"UDP Query User{7A593A2E-C269-4FC3-93C6-CC92D2147C6C}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin |
"UDP Query User{8E2EF7D7-4DCC-4386-8E9B-53B777675346}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{A42EE3E0-67F5-4158-81B8-C188BA9DD736}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"UDP Query User{B25C9687-FA2E-43BC-A82F-094DF520884E}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{C90683E7-6355-4656-BA83-3C6A03875BF1}F:\metin2\metin2client.bin" = protocol=17 | dir=in | app=f:\metin2\metin2client.bin |
"UDP Query User{D2E33147-8EB7-4FB1-BF03-54896444572D}F:\spiele1\empire earth\empire earth.exe" = protocol=17 | dir=in | app=f:\spiele1\empire earth\empire earth.exe |
"UDP Query User{D552B5F0-F7D9-4677-AF29-754298D021EE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{D66194BA-8404-42CF-8EB9-5A8740C0033C}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{FD73DD3E-F798-4265-AE53-2AB578AE644D}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"MySSID_is1" = EXPERTool 7.16
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.03.2013 00:28:38 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm NFS13.exe, Version 1.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f68 Startzeit:
01ce17c723d9d19a Endzeit: 593 Anwendungspfad: F:\Spiele\Need for Speed Most Wanted\NFS13.exe

Berichts-ID:


Error - 17.03.2013 14:01:43 | Computer Name = basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0,
Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version:
0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791
ID
des fehlerhaften Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0x01ce233959d8796a
Pfad
der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften
Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: b995f876-8f2c-11e2-857f-6c626de4c601

Error - 17.03.2013 14:11:36 | Computer Name = basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0,
Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version:
0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791
ID
des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce23397f222324
Pfad
der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften
Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: 1afad808-8f2e-11e2-857f-6c626de4c601

Error - 18.03.2013 13:14:27 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1198 Startzeit:
01ce23f2dbe80d15 Endzeit: 1010 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe

Berichts-ID:


Error - 18.03.2013 13:16:19 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 107c Startzeit:
01ce23fc11524885 Endzeit: 770 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe

Berichts-ID:


Error - 24.03.2013 06:55:05 | Computer Name = basti-PC | Source = Application Hang | ID = 1002
Description = Programm StubInstaller.exe, Version 2.0.27.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ad8 Startzeit: 01ce287dd0440f05 Endzeit: 5 Anwendungspfad: C:\Users\basti\AppData\Local\Temp\RarSFX0\StubInstaller.exe

Berichts-ID:


Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

[ System Events ]
Error - 21.03.2013 06:40:55 | Computer Name = basti-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070490 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
(KB976932)

Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 22.03.2013 06:45:06 | Computer Name = basti-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 23.03.2013 07:09:08 | Computer Name = basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 23.03.2013 13:43:08 | Computer Name = basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.

Error - 24.03.2013 07:02:38 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066

Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.

Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.


< End of report >

Now my question is: what can be done about this while losing as few files as possible?

 
