Irgendwas blockiert ein einzelnes Programm

scorer · 15.05.2013, 00:06

Sooo
ich habe folgendes Problem - ich führe ein Tool aus (x22 - xinstanthook) und kann mit diesem leider nicht zum server connecten
ich wollte nun wissen, ob man erkennen kann, was diese connection blockt
avast sind alle module aus
firewall sowohl als dienst, als auch in windows ist aus
ich komme im abgesicherten modus sehr gut in das tool hinein und kann zum server connecten - alles kein problem

die normale OTL:

Zitat:

OTL logfile created on: 15.05.2013 00:56:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 74,11% Memory free
14,00 Gb Paging File | 11,94 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): m:\pagefile.sys 0 0 [binary data]

%SystemDrive% = L: | %SystemRoot% = L:\Windows | %ProgramFiles% = L:\Program Files (x86)
Drive C: | 142,00 Gb Total Space | 19,13 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
Drive D: | 442,00 Gb Total Space | 392,67 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Drive E: | 813,16 Gb Total Space | 46,63 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
Drive L: | 50,78 Gb Total Space | 17,76 Gb Free Space | 34,98% Space Free | Partition Type: NTFS
Drive M: | 61,01 Gb Total Space | 42,48 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive N: | 100,00 Mb Total Space | 31,53 Mb Free Space | 31,53% Space Free | Partition Type: NTFS

Computer Name: SCORER-PC | User Name: scorer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.15 00:56:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- L:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- L:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.12 02:36:39 | 000,920,472 | ---- | M] (Mozilla Corporation) -- L:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.04 23:46:38 | 002,738,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe
PRC - [2013.01.15 17:57:52 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- L:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.11.29 02:10:08 | 000,661,304 | ---- | M] (Logitech Inc.) -- L:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2012.10.23 10:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- M:\DAEMON Tools Pro\DTShellHlp.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.12 02:36:39 | 003,133,336 | ---- | M] () -- L:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.15 17:57:52 | 014,586,888 | ---- | M] () -- L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- L:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.07.28 18:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- L:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- L:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- L:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.12 02:36:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- L:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 08:19:48 | 000,566,568 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- L:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.04.05 08:19:42 | 000,390,952 | ---- | M] () [Disabled | Stopped] -- L:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.04.05 08:17:00 | 000,455,464 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- L:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.04.03 01:17:22 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- L:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- L:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- L:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.01 21:47:24 | 005,132,888 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- L:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- L:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.12 06:40:54 | 000,136,544 | ---- | M] () [Disabled | Stopped] -- M:\amd overdrive\AODAssist.exe -- (AODService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- L:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.27 04:55:28 | 000,068,760 | ---- | M] (SiSoftware) [Disabled | Stopped] -- E:\ssd\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- L:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- L:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- L:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- L:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- L:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.03 02:54:24 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.01.20 08:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.15 19:46:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.31 00:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- L:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- L:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- L:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.05.26 21:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.10 11:28:26 | 000,129,536 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\silvrlnk.sys -- (SilvrLnk)
DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2011.06.24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- L:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\ssd\SiSoftware Sandra Lite 2013.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- L:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.01.28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- L:\Windows\SysWOW64\drivers\SilvrLnk.sys -- (SilvrLnk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = L:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 7A 35 44 C3 41 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: M:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: L:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: L:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: L:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: M:\OFFICE~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: L:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: L:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.13 23:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: L:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 02:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: L:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 02:36:33 | 000,000,000 | ---D | M]

[2013.01.15 17:54:34 | 000,000,000 | ---D | M] (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\Extensions
[2013.05.09 15:14:26 | 000,000,000 | ---D | M] (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\Firefox\Profiles\cik52ndn.default\extensions
[2013.04.20 01:51:07 | 001,017,951 | ---- | M] () (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\firefox\profiles\cik52ndn.default\extensions\antigameorigin@antigame.de.xpi
[2013.01.15 18:31:30 | 000,246,802 | ---- | M] () (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\firefox\profiles\cik52ndn.default\extensions\lazarus@interclue.com.xpi
[2013.02.06 23:13:16 | 000,030,502 | ---- | M] () (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\firefox\profiles\cik52ndn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.05.09 15:14:26 | 000,870,680 | ---- | M] () (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\firefox\profiles\cik52ndn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 20:16:34 | 000,269,007 | ---- | M] () (No name found) -- L:\Users\scorer\AppData\Roaming\mozilla\firefox\profiles\cik52ndn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.12 02:36:32 | 000,000,000 | ---D | M] (No name found) -- L:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 02:36:32 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- L:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.04.12 02:36:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- L:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.01 21:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- L:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.04.12 02:36:36 | 000,001,392 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.12 02:36:36 | 000,002,465 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.12 02:36:36 | 000,001,153 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.12 02:36:36 | 000,006,805 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.12 02:36:36 | 000,001,178 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.12 02:36:36 | 000,001,105 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - L:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - L:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - L:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - L:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - L:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - L:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - M:\office 2013\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - L:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - M:\office 2013\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - M:\office 2013\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - L:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - L:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - L:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - L:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - L:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] L:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast] L:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] L:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] L:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - M:\office 2013\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - M:\office 2013\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - M:\office 2013\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - M:\office 2013\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - L:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - L:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - L:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - L:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - L:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - L:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\office 2013\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\office 2013\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - M:\office 2013\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - M:\office 2013\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\office 2013\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\office 2013\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - L:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - L:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B16982CE-9C04-4174-A0E5-FB39F9FF98BB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - M:\office 2013\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - L:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - L:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (L:\Windows\system32\userinit.exe) - L:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - L:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14335152-5f30-11e2-9981-002618f328a4}\Shell - "" = AutoRun
O33 - MountPoints2\{14335152-5f30-11e2-9981-002618f328a4}\Shell\AutoRun\command - "" = K:\dvdrun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.14 20:34:00 | 000,000,000 | ---D | C] -- L:\Users\scorer\AppData\Roaming\Malwarebytes
[2013.05.14 20:33:54 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.14 20:33:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- L:\Windows\SysNative\drivers\mbam.sys
[2013.05.14 20:33:53 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.14 20:33:53 | 000,000,000 | ---D | C] -- L:\ProgramData\Malwarebytes
[2013.05.13 22:40:05 | 000,378,432 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswSP.sys
[2013.05.13 22:40:05 | 000,033,400 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.13 22:40:05 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.13 22:40:04 | 001,025,808 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.13 22:40:04 | 000,080,816 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.13 22:40:04 | 000,072,016 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.13 22:40:04 | 000,064,288 | ---- | C] (AVAST Software) -- L:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.13 22:39:56 | 000,041,664 | ---- | C] (AVAST Software) -- L:\Windows\avastSS.scr
[2013.05.13 22:36:25 | 000,000,000 | --SD | C] -- L:\Windows\SysWow64\Microsoft
[2013.05.12 18:30:52 | 000,000,000 | ---D | C] -- L:\Users\scorer\AppData\Local\Microsoft Games
[2013.05.11 21:01:02 | 000,000,000 | ---D | C] -- L:\Users\scorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.08 12:38:14 | 000,000,000 | ---D | C] -- L:\Users\scorer\AppData\Local\ElevatedDiagnostics
[2013.04.27 23:45:49 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\Common Files\Java
[2013.04.23 18:17:04 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.04.23 18:17:00 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\PDF24
[2013.04.23 18:06:22 | 000,000,000 | ---D | C] -- L:\Users\scorer\Desktop\alles zum thema scam
[2013.04.15 19:58:28 | 000,000,000 | ---D | C] -- L:\Users\scorer\.gem
[2013.04.15 19:53:42 | 000,000,000 | ---D | C] -- L:\Users\scorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.0.0-p0-x64

========== Files - Modified Within 30 Days ==========

[2013.05.15 00:53:19 | 000,067,584 | --S- | M] () -- L:\Windows\bootstat.dat
[2013.05.15 00:53:17 | 1341,526,015 | -HS- | M] () -- L:\hiberfil.sys
[2013.05.15 00:47:07 | 000,016,944 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 00:47:07 | 000,016,944 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 00:44:26 | 001,613,340 | ---- | M] () -- L:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 00:44:26 | 000,696,832 | ---- | M] () -- L:\Windows\SysNative\perfh007.dat
[2013.05.15 00:44:26 | 000,652,150 | ---- | M] () -- L:\Windows\SysNative\perfh009.dat
[2013.05.15 00:44:26 | 000,148,128 | ---- | M] () -- L:\Windows\SysNative\perfc007.dat
[2013.05.15 00:44:26 | 000,121,082 | ---- | M] () -- L:\Windows\SysNative\perfc009.dat
[2013.05.15 00:33:31 | 000,000,558 | ---- | M] () -- L:\Users\scorer\Desktop\391749387.exe - Verknüpfung.lnk
[2013.05.14 20:33:54 | 000,001,119 | ---- | M] () -- L:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 00:34:15 | 000,240,142 | ---- | M] () -- L:\Users\scorer\Desktop\dep + windows 7.jpg
[2013.05.14 00:32:17 | 000,347,158 | ---- | M] () -- L:\Users\scorer\Desktop\firewall und uac.jpg
[2013.05.14 00:28:08 | 000,184,865 | ---- | M] () -- L:\Users\scorer\Desktop\o2 box.jpg
[2013.05.14 00:26:48 | 000,251,469 | ---- | M] () -- L:\Users\scorer\Desktop\pc + avast.jpg
[2013.05.13 23:59:05 | 000,000,000 | ---- | M] () -- L:\Windows\SysWow64\config.nt
[2013.05.13 22:40:05 | 000,001,964 | ---- | M] () -- L:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- L:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- L:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- L:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- L:\Windows\SysNative\aswBoot.exe
[2013.04.30 21:51:09 | 000,318,390 | ---- | M] () -- L:\Users\scorer\Desktop\naval mine vs legacy.png
[2013.04.27 00:39:53 | 000,038,845 | ---- | M] () -- L:\Users\scorer\Documents\image_1366744911098136.jpg
[2013.04.25 19:25:37 | 001,568,916 | ---- | M] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen(3).pdf
[2013.04.25 18:29:49 | 001,357,483 | ---- | M] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - stark überarbeitet.pdf
[2013.04.25 18:29:06 | 001,568,592 | ---- | M] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - ohne bearbeitung.pdf
[2013.04.25 18:27:04 | 001,571,623 | ---- | M] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - leicht überarbeitet.pdf
[2013.04.23 18:17:04 | 000,001,084 | ---- | M] () -- L:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.23 18:17:04 | 000,001,069 | ---- | M] () -- L:\Users\Public\Desktop\PDF24 Fax.lnk

========== Files Created - No Company Name ==========

[2013.05.15 00:33:31 | 000,000,558 | ---- | C] () -- L:\Users\scorer\Desktop\391749387.exe - Verknüpfung.lnk
[2013.05.14 20:33:54 | 000,001,119 | ---- | C] () -- L:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 00:34:15 | 000,240,142 | ---- | C] () -- L:\Users\scorer\Desktop\dep + windows 7.jpg
[2013.05.14 00:32:17 | 000,347,158 | ---- | C] () -- L:\Users\scorer\Desktop\firewall und uac.jpg
[2013.05.14 00:28:07 | 000,184,865 | ---- | C] () -- L:\Users\scorer\Desktop\o2 box.jpg
[2013.05.14 00:26:48 | 000,251,469 | ---- | C] () -- L:\Users\scorer\Desktop\pc + avast.jpg
[2013.05.13 23:59:05 | 000,189,936 | ---- | C] () -- L:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.13 23:59:05 | 000,065,336 | ---- | C] () -- L:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.13 22:40:05 | 000,001,964 | ---- | C] () -- L:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.30 21:51:08 | 000,318,390 | ---- | C] () -- L:\Users\scorer\Desktop\naval mine vs legacy.png
[2013.04.27 00:39:40 | 000,038,845 | ---- | C] () -- L:\Users\scorer\Documents\image_1366744911098136.jpg
[2013.04.25 19:25:40 | 001,568,916 | ---- | C] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen(3).pdf
[2013.04.25 18:30:00 | 001,357,483 | ---- | C] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - stark überarbeitet.pdf
[2013.04.25 18:29:22 | 001,568,592 | ---- | C] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - ohne bearbeitung.pdf
[2013.04.25 18:27:18 | 001,571,623 | ---- | C] () -- L:\Users\scorer\Documents\Antrieb Kurbel- und Nockenwellen - leicht überarbeitet.pdf
[2013.04.23 18:17:04 | 000,001,084 | ---- | C] () -- L:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.23 18:17:04 | 000,001,069 | ---- | C] () -- L:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.05 04:46:59 | 000,006,596 | ---- | C] () -- L:\Users\scorer\AppData\Roaming\n.sis
[2013.01.15 19:57:09 | 000,024,576 | ---- | C] () -- L:\Windows\SysWow64\AsIO.dll
[2013.01.15 19:57:09 | 000,013,440 | ---- | C] () -- L:\Windows\SysWow64\drivers\AsIO.sys
[2013.01.15 19:02:01 | 013,131,776 | ---- | C] () -- L:\Users\scorer\AppData\Roaming\Sandra.mdb
[2013.01.15 19:00:28 | 001,590,298 | ---- | C] () -- L:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.15 17:51:28 | 000,000,000 | ---- | C] () -- L:\Windows\ativpsrm.bin
[2013.01.15 17:48:15 | 000,014,051 | ---- | C] () -- L:\Windows\SysWow64\RaCoInst.dat
[2011.08.24 21:19:10 | 000,056,320 | ---- | C] () -- L:\Windows\SysWow64\OpenVideo.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- L:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = L:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = L:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = L:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.15 19:47:26 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\DAEMON Tools Pro
[2013.05.15 00:43:48 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\Dropbox
[2013.01.29 22:52:51 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\e-academy Inc
[2013.02.12 01:08:48 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\Hotspot Shield
[2013.01.15 18:12:43 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\Leadertech
[2013.01.22 22:10:01 | 000,000,000 | ---D | M] -- L:\Users\scorer\AppData\Roaming\TeamViewer

========== Purity Check ==========

< End of report >

Die Extras.txt:

Zitat:

OTL Extras logfile created on: 15.05.2013 00:56:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 74,11% Memory free
14,00 Gb Paging File | 11,94 Gb Available in Paging File | 85,31% Paging File free
Paging file location(s): m:\pagefile.sys 0 0 [binary data]

%SystemDrive% = L: | %SystemRoot% = L:\Windows | %ProgramFiles% = L:\Program Files (x86)
Drive C: | 142,00 Gb Total Space | 19,13 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
Drive D: | 442,00 Gb Total Space | 392,67 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Drive E: | 813,16 Gb Total Space | 46,63 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
Drive L: | 50,78 Gb Total Space | 17,76 Gb Free Space | 34,98% Space Free | Partition Type: NTFS
Drive M: | 61,01 Gb Total Space | 42,48 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive N: | 100,00 Mb Total Space | 31,53 Mb Free Space | 31,53% Space Free | Partition Type: NTFS

Computer Name: SCORER-PC | User Name: scorer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- L:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- L:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- L:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "M:\office 2013\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "M:\office 2013\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "L:\Windows\System32\rundll32.exe" "L:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "L:\Windows\System32\rundll32.exe" "L:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "m:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "m:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "M:\office 2013\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "M:\office 2013\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "m:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "m:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F11891-DDB1-481F-B05A-9DE6114F5F4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{076BB72C-D09F-43D8-9FFE-50604B11CE09}" = rport=138 | protocol=17 | dir=out | app=system |
"{2102D516-666C-41DF-B497-264B7BAA1A8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{2AB0A42D-D455-47F4-BFB3-47B3142CA96D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C7FBAE7-86A6-4EEA-B9B7-2D68DA93622E}" = lport=445 | protocol=6 | dir=in | app=system |
"{46851205-6260-4AAF-B6A7-DCE0CF10F920}" = lport=rpc | protocol=6 | dir=in | app=e:\ssd\sisoftware sandra lite 2013.sp1\wnt500x64\rpcsandrasrv.exe |
"{4E527B02-E776-4A16-AF26-EBB702144AFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{5934DB91-E975-4BF6-B224-16FCDE29D92A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D68A0DB-1B7A-4BCC-8F1F-BBE4DD5F3D74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{605BEB1A-DECE-4A66-8819-0E3D0D602605}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61E21924-1384-49D2-BF62-184F61A088CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{6DCD1764-F21B-4CF6-9117-5D19E07BA8DF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=l:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6E4F561F-2996-4AE3-B8DC-247CD5B09F77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84955EC3-ED02-4004-938A-5FBA011851D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{90356323-0AAF-4442-A015-80445CC2DBB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91A25AC6-4A35-4225-A766-368E9BE960E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9303C1D1-C2BE-4946-9D4D-00FAA0B28B08}" = rport=137 | protocol=17 | dir=out | app=system |
"{97D7CAF6-030B-4302-A7E9-43C3A76B48A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B641673-DD87-4D5B-B6D1-5F4A7B902B67}" = rport=445 | protocol=6 | dir=out | app=system |
"{9ED19A1F-07E2-4C6E-B7FD-959CC8537CFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DD69EC-0DC7-4942-8C92-3419F493A6FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C81BE339-1535-47E0-A81C-276E5D7A13F6}" = lport=rpc | protocol=6 | dir=in | app=e:\ssd\sisoftware sandra lite 2013.sp1\rpcagentsrv.exe |
"{CFE62F1F-0F46-4D40-84DD-F04D48421B13}" = lport=6004 | protocol=17 | dir=in | app=m:\office 2013\office15\outlook.exe |
"{DB185213-37E5-492B-B36D-7DB52CF07823}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD7E3DD7-21AA-47EC-8E3C-AA987207DBD6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EDF457BB-42A2-42F5-86FE-986F34C97E55}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F400F20A-A384-47C8-9082-9FC2E2DBC24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00215EE3-1C33-4142-A9CD-301E2BA9426F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0BE72ABA-28B7-4F5A-8C32-80AAA1FB3036}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{196F8892-CABA-4F51-98BA-F9E21A746C24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20348234-32E7-49A1-AE43-D6774B317D85}" = dir=in | app=l:\program files (x86)\skype\phone\skype.exe |
"{2645E854-A2C5-4AB1-AF45-B9BB672AAD84}" = protocol=6 | dir=in | app=l:\program files (x86)\bonjour\mdnsresponder.exe |
"{27E45C08-BF47-4948-9E79-71509D47CE96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2AE4AB3C-23AC-4A19-B0B8-CB6A8B552E18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35BCA378-EF50-478E-A539-CE527228DDB7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{367C693D-3393-4B95-BE05-6E3F4AEA2BED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A41C7DE-0BAC-4DC0-9160-1BBDB01360D0}" = protocol=17 | dir=in | app=m:\office 2013\office15\ucmapi.exe |
"{3EDAB015-6DB5-440B-BAF4-ED504ADEA277}" = protocol=6 | dir=in | app=m:\asdf\391749387.exe |
"{4074814D-41E7-425A-AE2E-A98FBC9220BC}" = dir=in | app=m:\itunes\itunes.exe |
"{428D8564-A3AF-47BC-A784-D1381C00A36A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{45055F47-CAD7-489C-AB23-8AF812ACC105}" = protocol=6 | dir=in | app=m:\office 2013\office15\ucmapi.exe |
"{573E2A61-5F8B-4FA5-AEE5-E668DF105EE9}" = dir=in | app=l:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5928B530-1A01-4234-9C60-C1F2B7B19C5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63F689B9-2C8E-43C5-B317-58664AF85330}" = protocol=17 | dir=in | app=m:\asdf\391749387.exe |
"{6A4ACDE2-BD57-4D25-B202-203540151227}" = protocol=6 | dir=out | app=system |
"{6F29D11F-3035-4FA9-BFD4-FE747F8D4899}" = protocol=6 | dir=in | app=l:\users\scorer\appdata\roaming\dropbox\bin\dropbox.exe |
"{7105382F-C143-4AD3-80E7-C05A21F7974C}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{7E7397E8-ABD8-4ADD-A117-E88A2ACADE5E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F4673BA-8DCB-4B3A-9212-4B3DCA64FCC0}" = protocol=6 | dir=in | app=m:\office 2013\office15\lync.exe |
"{88BA1174-2153-4FEB-9BB5-4D3627E9DD63}" = protocol=17 | dir=in | app=m:\steam\steam.exe |
"{8E554675-27EA-4BC5-B954-F6D69EEFA183}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93B5D42D-7A13-482B-820B-E24212AB0A5E}" = protocol=17 | dir=in | app=m:\office 2013\office15\lync.exe |
"{96FA6C32-2F94-4EE0-8984-5166F12059FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A85F51C2-F582-4774-AF06-40A72B5C631D}" = protocol=17 | dir=in | app=m:\steam\steamapps\common\dota 2 beta\dota.exe |
"{AAD36960-F0EA-4AE5-95BD-078ECF16DCEA}" = protocol=17 | dir=in | app=l:\users\scorer\appdata\roaming\dropbox\bin\dropbox.exe |
"{B571E77A-3C85-4A5A-92D7-6C6EC560E135}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B97AB27D-1622-41EF-ADD9-00C3B0445C05}" = protocol=17 | dir=in | app=l:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9E2C757-87FA-4B67-A3C1-CC818C2FFD8B}" = dir=in | app=m:\asdf\391749387.exe |
"{C2F50CD8-CB78-417F-870E-167255C29D70}" = dir=out | app=m:\asdf\391749387.exe |
"{CBBA9A30-9602-4A2D-9957-A37D1EF0709D}" = protocol=17 | dir=in | app=l:\program files\bonjour\mdnsresponder.exe |
"{D98252CB-60C8-4BF7-9F68-86160583BB86}" = protocol=6 | dir=in | app=m:\steam\steam.exe |
"{DB7961F5-E5C9-476F-95AB-5C49178066C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF1B8044-BC5F-49EC-AA62-A35222808CBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED0D7BAB-4F57-4A9B-91FD-D39551FFC7A4}" = protocol=6 | dir=in | app=l:\program files\bonjour\mdnsresponder.exe |
"{ED3840EF-0EFB-4B62-BEFC-2DC64D77DF99}" = protocol=6 | dir=in | app=m:\steam\steamapps\common\dota 2 beta\dota.exe |
"{EF90F1C4-6A2C-4928-9D67-49939E768004}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F325B367-2C58-401C-BEF9-8DC5B734DC8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA2FE1BC-DE04-451D-BF93-68544EB8F570}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC28B38A-3023-4C6B-B72F-80AD2A479781}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{75AF0342-079C-4C32-AD20-C5924BAFBDB4}L:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=l:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{7D4857BA-BC21-4670-B6B6-E750206B4551}E:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\program files (x86)\mirc\mirc.exe |
"TCP Query User{810EF15F-114B-4C9A-927A-A60779E20477}L:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=l:\windows\syswow64\java.exe |
"TCP Query User{84ACB6CC-A490-4897-8524-B371E0345A64}M:\qip\qip.exe" = protocol=6 | dir=in | app=m:\qip\qip.exe |
"UDP Query User{22358040-6C53-4960-BB54-36BF446943EE}L:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=l:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{22A705BD-01D9-4AFA-9C3F-BB6D05D7DD56}L:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=l:\windows\syswow64\java.exe |
"UDP Query User{33AE1482-0ABD-4E4A-91FE-1A5FC09F5C23}E:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\program files (x86)\mirc\mirc.exe |
"UDP Query User{9B2A7AAE-0F7E-4436-83A3-6C6E21ABC2AF}M:\qip\qip.exe" = protocol=17 | dir=in | app=m:\qip\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26F8AE36-AC4D-A641-9BA5-8ED97E74CC51}" = ccc-utility64
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4A35302C-A6D3-DDE5-38BA-55E7BABA9670}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013.SP1
"{C5823264-8DFC-6E63-9D69-A35B1A98B537}" = AMD Media Foundation Decoders
"{CDFFF800-E7AB-D678-4D8E-53B8D57AE925}" = AMD Fuel
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07E62208-D2E8-408E-9619-009E4D31EE48}_is1" = GroupGATOR2
"{17C515BE-9EA8-BB8C-28FB-13731C5FD301}" = AMD VISION Engine Control Center
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}" = AMD OverDrive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5C785836-A576-444B-9DD0-74E878695A56}" = CCC Help English
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E25E9970-864D-2AE6-70A2-51D9C6FEF480}" = Catalyst Control Center InstallProxy
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8F817ED-7F1D-05A5-1374-C6D115BC9051}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III" = Diablo III
"GhostMouse_is1" = GhostMouse
"HotspotShield" = Hotspot Shield 2.90
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"ReMouse Standard_is1" = ReMouse Standard
"Steam App 10" = Counter-Strike
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 224540" = Ace of Spades
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"X-Size II" = X-Size II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B5BD4615-7C8A-4E50-9179-71B593CA6B67}_is1" = Ruby 2.0.0-p0-x64
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.04.2013 21:32:13 | Computer Name = scorer-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 28.04.2013 21:32:13 | Computer Name = scorer-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 07.05.2013 14:02:44 | Computer Name = scorer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SecureDownloadManager.exe, Version:
3.1.0.1, Zeitstempel: 0x50abca8a Name des fehlerhaften Moduls: SecureDownloadManager.exe,
Version: 3.1.0.1, Zeitstempel: 0x50abca8a Ausnahmecode: 0xc0000005 Fehleroffset:
0x0001864a ID des fehlerhaften Prozesses: 0x4e8 Startzeit der fehlerhaften Anwendung:
0x01ce4b4d12b22c10 Pfad der fehlerhaften Anwendung: E:\uni software\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
Pfad
des fehlerhaften Moduls: E:\uni software\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
Berichtskennung:
50ee3647-b740-11e2-8680-002618f328a4

Error - 07.05.2013 14:02:46 | Computer Name = scorer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SecureDownloadManager.exe, Version:
3.1.0.1, Zeitstempel: 0x50abca8a Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0150010 Fehleroffset: 0x000847db
ID
des fehlerhaften Prozesses: 0x4e8 Startzeit der fehlerhaften Anwendung: 0x01ce4b4d12b22c10
Pfad
der fehlerhaften Anwendung: E:\uni software\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
Pfad
des fehlerhaften Moduls: L:\Windows\SysWOW64\ntdll.dll Berichtskennung: 520f3892-b740-11e2-8680-002618f328a4

Error - 09.05.2013 17:24:18 | Computer Name = scorer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Distributor.exe, Version: 0.0.0.0,
Zeitstempel: 0x512d38cb Name des fehlerhaften Moduls: Distributor.exe, Version:
0.0.0.0, Zeitstempel: 0x512d38cb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006d26
ID
des fehlerhaften Prozesses: 0x1654 Startzeit der fehlerhaften Anwendung: 0x01ce4cfa2b244857
Pfad
der fehlerhaften Anwendung: M:\iniuria\Distributor.exe Pfad des fehlerhaften Moduls:
M:\iniuria\Distributor.exe Berichtskennung: cdf56b83-b8ee-11e2-be52-002618f328a4

Error - 14.05.2013 18:21:06 | Computer Name = scorer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .

Error - 14.05.2013 18:26:59 | Computer Name = scorer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .

Error - 14.05.2013 18:29:07 | Computer Name = scorer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .

Error - 14.05.2013 18:30:39 | Computer Name = scorer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .

Error - 14.05.2013 18:39:18 | Computer Name = scorer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .

[ System Events ]
Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:40:27 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:41:01 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible
Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:42:04 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst
"COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1058

Error - 14.05.2013 18:53:33 | Computer Name = scorer-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

< End of report >

Auf dem Laptop läuft es auch ohne probleme - selbe dienste laufen (ja, habe dienst für dienst überprüft)
in der ereignisanzeige findet sich nur das:

Code:

ATTFilter

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Windows Error Reporting" /> 
  <EventID Qualifiers="0">1001</EventID> 
  <Level>4</Level> 
  <Task>0</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2013-05-13T18:01:38.000000000Z" /> 
  <EventRecordID>8183</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer>scorer-PC</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data /> 
  <Data>0</Data> 
  <Data>PCA2</Data> 
  <Data>Nicht verfügbar</Data> 
  <Data>0</Data> 
  <Data>391749387.exe</Data> 
  <Data>0.0.0.0</Data> 
  <Data>391749387.exe</Data> 
  <Data>unknown</Data> 
  <Data>unknown</Data> 
  <Data>200</Data> 
  <Data>-1</Data> 
  <Data /> 
  <Data /> 
  <Data /> 
  <Data>L:\Users\scorer\AppData\Local\Temp\{2c709fc9-0734-4ef7-b2b8-54175dd9517a}\appcompat.txt L:\Users\scorer\AppData\Local\Temp\Tab3F02.tmp</Data> 
  <Data /> 
  <Data /> 
  <Data>0</Data> 
  <Data>2823fe20-bbf7-11e2-8a61-002618f328a4</Data> 
  <Data>0</Data> 
  </EventData>
  </Event>

hoffe Ihr habt eine idee - mir würd schon ein ansatz reichen um zu sehen, wovon es geblockt wird..
danke
und grüße
scorer

cosinus · 15.05.2013, 19:50

Hallo und

Zitat:

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation

Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

scorer · 15.05.2013, 22:53

keine weiteren funde - leider
die windows version basiert auf einer "black"-...

habe mit avast gescannt, mache nun einen scan mit Malwarebytes, denke aber bei der größe der festplatten pack ich das erst morgen

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.15.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
scorer :: SCORER-PC [Administrator]

Schutz: Aktiviert

15.05.2013 23:55:47
MBAM-log-2013-05-16 (01-38-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|L:\|M:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570983
Laufzeit: 1 Stunde(n), 42 Minute(n), 7 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\scorer\Desktop\2.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Users\scorer\Desktop\bot\regbot.rar (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\scorer\Desktop\bot\regbot\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\scorer\Downloads\disable_pg_ds.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Users\scorer\Downloads\disable_pg_ds.zip (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Users\scorer\Downloads\Fritz_Box_reconnect.tar (PUP.Netcat) -> Keine Aktion durchgeführt.
D:\saved\backup new\Daten\Verschiedenes\berni&ert\message.zip (PUP.Joke.RJLSoftware) -> Keine Aktion durchgeführt.
E:\Downloads\Iniuria-Distributor-v1.3_pl1.zip (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\Downloads\no_pg_ds_v3(1).rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\Downloads\no_pg_ds_v3.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.

(Ende)

cosinus · 16.05.2013, 12:41

Zitat:

die windows version basiert auf einer "black"-...

Was bitte soll das genau heißen?
Was für komische Bots und Hacktools wurden da gefunden?

scorer · 16.05.2013, 13:16

es ist halt eine nicht so legale versin
die sachen auf c sind fast egal - da c nicht läuft eigentlich, mein betriebssystme ist auf L
was vielleicht interesant wäre, ich habe patchguard disabled -> aber es auch im "normalen" windows probiert -> da gehts auch ned

ich habe gestenr folgendes probiert
ALLE Dienste + Programme deaktiviert
Im Abgesicherten Modus dann geschaut, welche Dienste da laufen, diese in den Autostart gepackt -> pc gebootet
Im abgesicherten modus wurde die connection hergestellt
im normalen leider nicht..

Avast Scannt gerade
grüße

cosinus · 16.05.2013, 13:32

Zitat:

es ist halt eine nicht so legale versin

Dann werden wir hier nicht bereinigen
Voraussetzung für die Bereinigung ist, dass wir weder Cracks/Keygens in den Logs sehen und dass du selbstverständlich eine legale Windows-Installation hast

Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows

Besorg dir ein legales Windows und installiere es.

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

scorer · 16.05.2013, 14:40

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.15.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
scorer :: SCORER-PC [Administrator]

Schutz: Aktiviert

16.05.2013 12:32:54
MBAM-log-2013-05-16 (15-39-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (E:\|L:\|M:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 855932
Laufzeit: 2 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
E:\Downloads\Iniuria-Distributor-v1.3_pl1.zip (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\Downloads\no_pg_ds_v3(1).rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\Downloads\no_pg_ds_v3.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\verschiedenes\rhc\client\patches\Windows 7\64 bit\Service Pack 0\2.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\verschiedenes\rhc\client\patches\Windows 7\64 bit\Service Pack 1\2.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\verschiedenes\rhc\client\patches\Windows Vista\64 bit\2.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\verschiedenes\rhc9\readme\patches\disable_pg_win7.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
E:\verschiedenes\rhc9\readme\patches\disable_pg_win8.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
L:\Users\scorer\Desktop\no_ds_pg.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.

(Ende)

also nix schlimmes..

ja ok, verstehe ich
hab ne legale version direkt daneben liegen, aber naja ist die version lief bisher immer gut
#closerequest
danke

Irgendwas blockiert ein einzelnes Programm

Antiviren-, Firewall- und andere Schutzprogramme: Irgendwas blockiert ein einzelnes Programm