
Log analysis and evaluation: Caught a trojan or similar via Facebook


 
11.06.2013, 11:51   #1
ballerfarm
 
Caught a trojan or similar via Facebook



Hello dear Trojaner-Board team,

I seem to have caught a trojan or something similar via Facebook, and since I apparently can't help myself, I am now turning to you. The trojan spreads through Facebook like a snowball system by sending group invitations and luring people into installing a browser extension, which presumably contains malware. I apparently installed it in a careless moment. I have run numerous different antivirus programs, but nothing could be found; only Antivir reported a detection.

Exportierte Ereignisse:

10.06.2013 17:43 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Mothership\AppData\Local\Temp\5G3doOjT.exe.part'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e559e4.qua'
verschoben!

However, I can't name any clear symptoms, such as dubious redirects etc.

I ran a log analysis following the instructions:

OTL logfile created on: 11.06.2013 11:35:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,02% Memory free
4,00 Gb Paging File | 2,58 Gb Available in Paging File | 64,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 3,70 Gb Free Space | 12,62% Space Free | Partition Type: NTFS
Drive D: | 82,49 Gb Total Space | 14,15 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MOTHERSHIP-PC | User Name: Mothership | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.11 11:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013.06.11 11:22:20 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
PRC - [2013.06.10 14:49:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.10 14:48:22 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.06.10 14:48:19 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.06.10 14:48:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.10 14:48:11 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.27 00:28:05 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mothership\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.04 02:01:59 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.04.30 12:04:48 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2013.04.30 12:03:00 | 001,648,264 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.03.20 15:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.19 19:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2013.06.11 11:22:20 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
MOD - [2013.05.27 00:28:05 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Mothership\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Mothership\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013.06.10 14:49:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.10 14:48:22 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.06.10 14:48:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.27 00:28:05 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 10:41:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.06 17:27:11 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Mothership\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.19 19:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2013.06.10 14:49:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.06.10 14:49:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.06.10 14:49:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.06.10 14:49:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.05.21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012.01.09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012.01.09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.30 13:44:28 | 000,399,424 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2u.sys -- (RL_DJIFIE2_USB)
DRV - [2009.10.30 13:44:26 | 000,039,488 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2a.sys -- (RL_DJIFIE2_WDM)
DRV - [2009.10.30 13:44:24 | 000,030,784 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2m.sys -- (RL_DJIFIE2_MIDI)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2006.12.10 14:47:00 | 004,445,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27411605806974-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=62f97eff0000000000000019d24a8b3e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 01 C3 AF 33 43 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{0C9873AC-1757-440D-8D88-1393B5172F0E}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3B9197ED-BD29-41A6-8E53-4CD5E024BEAF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{41BE9CBB-0DCF-48A7-9668-5BCFF5259B20}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5ED95C19-8E54-463D-B426-324BA6499635}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{606E4978-3F19-41FB-9A0A-F768B06A07E7}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{A56BD767-C982-4D61-AB7E-E4D2018FABEE}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=18e79530-8358-4382-bf03-23860a403c7f&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EADC7EE9-3FDE-43FB-9BF4-0C142C9CC6C4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8e3e7b12-cd24-42fa-a964-cbf78a28a59a&apn_sauid=97FD2C56-FF47-4BC1-A179-FD02B863A6EB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programm\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 11:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Mothership\AppData\Roaming\Mozilla\Firefox\Profiles\di786wvb.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 11:31:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013.05.27 00:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.27 00:28:07 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Mothership\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Mothership\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mothership\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Programme\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26BC9CD2-F583-4867-89A9-80B0959143A3}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.10 18:15:18 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.06.10 15:11:24 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.10 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.10 15:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.10 14:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.10 14:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.06.10 14:54:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.10 14:54:27 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.10 14:54:27 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.10 14:54:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.10 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.08 13:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.08 13:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.08 13:58:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.08 13:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.29 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.29 12:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.29 12:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.29 11:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.29 11:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.05.27 00:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.11 11:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 11:22:41 | 000,000,000 | ---- | M] () -- C:\Users\Mothership\defogger_reenable
[2013.06.11 10:43:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 10:43:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 10:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 22:07:54 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 15:11:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.06.10 14:55:07 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.10 14:49:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.10 14:49:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.10 14:49:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.10 14:49:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.08 13:59:06 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 10:47:31 | 000,001,059 | ---- | M] () -- C:\Users\Mothership\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.06 10:47:14 | 000,001,037 | ---- | M] () -- C:\Users\Mothership\Desktop\Dropbox.lnk
[2013.06.05 11:33:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.05.29 17:36:56 | 000,013,386 | ---- | M] () -- C:\Windows\System32\cc_20130529_173635.reg
[2013.05.29 16:44:49 | 001,854,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.29 16:44:49 | 000,513,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.29 16:44:49 | 000,299,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.29 16:44:49 | 000,037,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.29 12:15:31 | 000,001,535 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.29 11:31:18 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.16 11:06:35 | 000,309,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.11 11:22:41 | 000,000,000 | ---- | C] () -- C:\Users\Mothership\defogger_reenable
[2013.06.10 14:55:07 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.08 13:59:06 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.29 17:36:45 | 000,013,386 | ---- | C] () -- C:\Windows\System32\cc_20130529_173635.reg
[2013.05.29 12:15:31 | 000,001,535 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.29 11:31:17 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.02 12:16:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.02.12 22:46:23 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013.01.11 00:16:05 | 000,007,604 | ---- | C] () -- C:\Users\Mothership\AppData\Local\Resmon.ResmonCfg
[2013.01.06 17:29:52 | 000,019,553 | ---- | C] () -- C:\Windows\hpqins13.dat
[2013.01.06 17:27:24 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.09.24 21:38:51 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.09.19 17:03:24 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.09.19 17:03:24 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.09.19 17:03:24 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.09.19 17:03:24 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.09.19 17:03:24 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.09.19 17:03:24 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.09.19 17:03:24 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.09.19 17:03:24 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.09.19 17:03:24 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.09.19 17:03:24 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.09.19 17:03:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.09.19 17:03:24 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.09.19 17:03:24 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.09.19 17:03:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.09.19 17:03:24 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.09.19 17:03:24 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.09.19 17:03:24 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.09.19 17:03:24 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.09.19 17:03:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.06.26 23:49:44 | 000,006,656 | ---- | C] () -- C:\Users\Mothership\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.05 17:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >




Second log:




OTL Extras logfile created on: 11.06.2013 11:35:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,02% Memory free
4,00 Gb Paging File | 2,58 Gb Available in Paging File | 64,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 3,70 Gb Free Space | 12,62% Space Free | Partition Type: NTFS
Drive D: | 82,49 Gb Total Space | 14,15 Gb Free Space | 17,16% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MOTHERSHIP-PC | User Name: Mothership | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1231C90A-2363-4139-B84F-3A47E1AE7782}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1701976C-B577-4952-8F2C-561A61E03905}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D4CC4CA-0D4B-43B0-AD48-451DC35B2889}" = rport=138 | protocol=17 | dir=out | app=system |
"{1ED78D7F-92AF-44AF-BBDE-9D5C9354697B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2815F5BD-CB60-480C-9A8A-2BF2A9364E4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29BBBBD4-28C5-4486-9A31-BC4ACB9A67CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C84C9A1-E6DF-45D4-8364-21C6D5404D9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{32A6CFE2-243B-4C40-A15A-DF40374E3402}" = lport=138 | protocol=17 | dir=in | app=system |
"{3A477834-69E5-4808-885A-8CEC77127489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{53BA9454-21BF-427E-83D3-8310E8A74A6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65DEF3AF-9A5F-4B73-8894-C7F20BB4E6A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{65ECC847-BBF3-488C-B751-636D13E4683B}" = rport=445 | protocol=6 | dir=out | app=system |
"{662FBECE-4B2C-4DA0-968F-037CD034089E}" = lport=445 | protocol=6 | dir=in | app=system |
"{6FB0FF43-66A1-4D3B-9F13-151720D556E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{72D9B467-4F89-4F01-A9CE-65594BE861AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{7668B17D-4580-42D2-BF2E-D865E9CE8FE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B42040A-0C94-4155-BCAB-1002860F3602}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84BA3DDF-6EAC-4217-BC34-90EEBF576723}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EEA1C2E-C109-46EF-A97D-A6BA03F6C7C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A68F9916-9BEA-4C0C-AF00-14B3B3954B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6FCA4ED-337C-42F5-AD54-6C941A124511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C506A3F2-9F9B-4DA9-9989-A8522EA8D441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF318D1F-0C64-46FF-8697-FA2068406AA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00397A3B-3A7D-494E-B02D-909A29896674}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09264416-ED54-4569-9077-DAA622FA5696}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FBA3D52-3B31-4432-AB52-8F355F0F3B50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14EFC7BF-FF55-4B98-8771-E5B39D4AD6E2}" = protocol=17 | dir=in | app=c:\users\mothership\appdata\roaming\dropbox\bin\dropbox.exe |
"{1552B5E3-D809-4FB2-8341-5D458C7A3AB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2183E4AC-C62E-44E7-A549-234FA8E30F67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{259343EB-F235-4734-A770-5730063DFC8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{358CD64C-BDA7-42F0-B152-D2BE0DD75F85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{387A51CA-E1AE-4448-9987-D41B62C791FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EC91718-E26D-4402-B0CE-A2982D6ADEC6}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{4A504F6E-EE7F-4D5D-9379-CFFC1A8EF6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DA35E0B-6631-4844-B8C5-82D6D8FC7777}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{558B4A79-F3C5-4A50-BCAC-0398ACF2BAF7}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{98095B58-679B-47F5-9890-437B7C21482E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DE03E2B-6950-441B-AEF3-4E95A4D5DD33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E110E30-8520-445F-9481-256B412568DF}" = protocol=17 | dir=in | app=d:\game\coh gold\reliccoh.exe |
"{9F48B3C8-44AE-498C-9B00-FFA5311C7397}" = protocol=6 | dir=in | app=d:\game\coh gold\relicdownloader\relicdownloader.exe |
"{9FC6FD74-55CF-47F7-A949-A161C2C506DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FFC8F92-CC6E-4396-8EA2-9A47599E7373}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2D661A5-3F70-49AB-A7AB-45F5634C92DB}" = protocol=6 | dir=in | app=d:\game\coh gold\reliccoh.exe |
"{B2C9A51A-18C7-4EF4-94CD-C147D9B08B15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDE3B1C3-3A54-4D88-AD1B-7F5AA7EFA77A}" = protocol=6 | dir=in | app=c:\users\mothership\appdata\roaming\dropbox\bin\dropbox.exe |
"{CA76AF02-D11B-4AA5-BDF2-30C0BB7D0B0D}" = protocol=17 | dir=in | app=d:\game\coh gold\relicdownloader\relicdownloader.exe |
"{CB1BBF24-20D7-43BB-93EC-D329F9B411D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB3A8916-4811-4B31-B88B-8B21ACC8674D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6DC7BEA-9C1C-4DA2-AF09-B11B9F165F1F}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{E582A099-0FD0-401C-8E4B-0CA77CBFB07E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E881DF2F-19B8-40F5-938F-F26D352B10E0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F0FBD4E6-3107-4E45-80CA-7CED7FD235D5}" = dir=in | app=d:\programm\itunes\itunes.exe |
"{F663DA6F-9181-4ADD-9D0D-3354E225AFB3}" = protocol=6 | dir=out | app=system |
"{F9BFC443-9009-481E-821E-CFEC1C2534E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74852D78-260B-0612-89EE-D414414CFF60}" = GameFly
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DC996B67-77AB-4392-A0D3-BA998CA10916}_is1" = Easy Video Cutter 2.3
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1ClickDownload" = HDVidCodec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"com.beatport.BeatportDownloader" = Beatport Downloader
"Company of Heroes" = Company of Heroes
"DesktopIconAmazon" = Desktop Icon für Amazon
"Eastern Front" = Eastern Front
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EXCEL" = Microsoft Office Excel 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"GameFly" = GameFly
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mendeley Desktop" = Mendeley Desktop 1.5.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NVIDIA Drivers" = NVIDIA Drivers
"Panzer Corps1.03" = Panzer Corps
"PartyPoker" = PartyPoker
"PokerStars.eu" = PokerStars.eu
"POWERPOINT" = Microsoft Office PowerPoint 2007
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"USB_AUDIO_DEusb-audio.deRLDJIF2" = Digital Jockey - IE2
"VLC media player" = VLC media player 2.0.3
"WaveLabPro" = WaveLab 6
"WinRAR archiver" = WinRAR
"WORD" = Microsoft Office Word 2007
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.06.2013 07:53:06 | Computer Name = Mothership-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 63366436

Error - 08.06.2013 07:53:06 | Computer Name = Mothership-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 63366436

Error - 10.06.2013 11:00:19 | Computer Name = Mothership-PC | Source = ESENT | ID = 486
Description = Windows (2708) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0002A.log"
nach "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu
verschieben, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die
Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Verschieben von Dateien.

Error - 10.06.2013 11:00:19 | Computer Name = Mothership-PC | Source = ESENT | ID = 413
Description = Windows (2708) Windows: Neue Protokolldatei konnte nicht erstellt
werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk
ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu
wenig freien Speicherplatz. Fehler -1032.

Error - 10.06.2013 11:00:19 | Computer Name = Mothership-PC | Source = ESENT | ID = 492
Description = Windows (2708) Windows: Die Protokolldatei-Reihenfolge in "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\"
wurde durch einen schwerwiegenden Fehler angehalten. Für die Datenbank, die diese
Protokolldatei-Reihenfolge verwendet, sind keine weiteren Aktualisierungen möglich.
Bitte korrigieren Sie das Problem, und starten Sie erneut, oder führen Sie eine
Wiederherstellung aus einer Sicherung durch.

Error - 10.06.2013 13:10:04 | Computer Name = Mothership-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 10.06.2013 13:10:04 | Computer Name = Mothership-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 10.06.2013 13:10:05 | Computer Name = Mothership-PC | Source = ESENT | ID = 104
Description = Windows (2708) Windows: Das Datenbankmodul hat die Instanz (0) mit
dem Fehler (-510) beendet.

Error - 11.06.2013 04:30:56 | Computer Name = Mothership-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.06.2013 04:30:57 | Computer Name = Mothership-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 43129644

Error - 11.06.2013 04:30:57 | Computer Name = Mothership-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 43129644

[ OSession Events ]
Error - 19.01.2013 09:58:41 | Computer Name = Mothership-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 869
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07.01.2013 14:12:18 | Computer Name = Mothership-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.

Error - 07.01.2013 15:02:56 | Computer Name = Mothership-PC | Source = BROWSER | ID = 8032
Description =

Error - 08.01.2013 04:31:49 | Computer Name = Mothership-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 09:28:20 unerwartet heruntergefahren.

Error - 08.01.2013 14:40:47 | Computer Name = Mothership-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 19:39:09 unerwartet heruntergefahren.

Error - 08.01.2013 17:50:07 | Computer Name = Mothership-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 09.01.2013 17:16:36 | Computer Name = Mothership-PC | Source = BROWSER | ID = 8032
Description =

Error - 09.01.2013 18:01:08 | Computer Name = Mothership-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 10.01.2013 18:21:59 | Computer Name = Mothership-PC | Source = DCOM | ID = 10010
Description =

Error - 10.01.2013 19:00:32 | Computer Name = Mothership-PC | Source = BROWSER | ID = 8032
Description =

Error - 13.01.2013 02:13:05 | Computer Name = Mothership-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


< End of report >


The analysis with GMER led to a system crash.


Can someone please help me?

Kind regards

 
