Log Analysis and Evaluation: High CPU load, what could be the cause (here)? A Trojan? (Windows 7)

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1
High CPU load, what could be the cause (here)? A Trojan?

For some time now I have been struggling with high CPU load on my netbook. The fan runs constantly, the machine often reacts sluggishly and sometimes freezes (because of overheating). I suspect that some program, or even a Trojan, is running amok here. I would appreciate it if one of you could help me analyse the problem. Below are the usual log files:

OTL.txt
Code:
OTL logfile created on: 13.06.2013 20:28:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\eg\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS

Computer Name: GONZO | User Name: eg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.13 19:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\eg\Downloads\OTL.exe
PRC - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.16 14:59:48 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.16 14:59:38 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2011.03.03 20:40:30 | 000,619,288 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.02 20:15:49 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.12 06:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010.06.10 09:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.06.09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010.05.21 14:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.16 19:36:37 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 19:31:17 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.10 20:56:08 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.15 23:37:43 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.01.26 20:18:14 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.20 21:16:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.20 21:15:55 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.20 21:13:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.20 21:13:13 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.20 21:12:24 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2010.05.21 14:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

========== Services (SafeList) ==========

SRV - [2013.06.12 19:15:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.25 11:52:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012.04.25 09:03:28 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011.08.03 13:50:00 | 000,023,144 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2011.05.18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.02.10 18:54:46 | 000,684,664 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.05.10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes,DefaultScope = {040A2185-BD8C-4711-BC4B-45E44F4A4963}
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{040A2185-BD8C-4711-BC4B-45E44F4A4963}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{3334E1F6-0B59-4D23-AAB7-2C1082B77840}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2013052901
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: syncplaces@andyhalford.com:4.1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.29 13:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions
[2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.06.06 07:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions
[2012.10.16 20:18:13 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.05.25 10:47:57 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\firebug@software.joehewitt.com.xpi
[2013.06.06 07:47:12 | 001,236,277 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
[2013.05.13 07:43:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 07:47:12 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.25 11:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [CompeGPSDev] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5500A6FB-91F4-40E5-84B8-FAB7BFDE3D5C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89B42C82-1942-4E9A-B100-655B02177761}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9138DA-0A54-4A44-BFF9-DEE87921520A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell - "" = AutoRun
O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2030.01.01 15:18:28 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.06.03 20:13:45 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\.elfohilfe
[2013.05.25 11:51:45 | 000,000,000 | ---D | C] -- C:\Program
Files\Mozilla Firefox [2013.05.16 21:13:22 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.16 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Avira [2013.05.16 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.16 15:06:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.16 15:06:13 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.16 15:06:13 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.16 15:06:13 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.16 14:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.15 17:29:56 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\LG Electronics [2013.05.15 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\eg\Documents\LG OSP [2013.05.15 17:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG On-Screen Phone [2013.05.15 17:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2013.05.15 15:03:15 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Mp3tag [2013.05.15 15:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.05.15 15:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag [2013.05.15 10:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2013.05.15 10:54:59 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013.05.15 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect 
[2013.05.15 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Winamp [2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2013.05.15 10:25:16 | 000,000,000 | ---D | C] -- C:\Users\eg\.local [2013.05.15 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Amarok [2013.05.15 10:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amarok [2013.05.15 08:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013.06.13 20:14:28 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 19:53:12 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 18:52:40 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 18:44:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.13 07:09:14 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.13 07:09:14 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.13 07:09:13 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.13 07:09:13 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.13 06:50:04 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2013.06.10 07:21:05 | 000,021,796 | ---- | M] () -- C:\Users\eg\Desktop\feierabendrunde.GPX [2013.06.06 20:20:10 | 132,599,746 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.06.06 18:54:47 | 000,007,598 | ---- | M] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg [2013.06.06 
18:00:42 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.26 12:23:05 | 000,000,297 | ---- | M] () -- C:\Users\eg\AppData\Roaming\rftg [2013.05.16 21:12:49 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.16 19:24:09 | 000,423,664 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.16 14:56:57 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif [2013.05.15 16:54:40 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.15 14:24:22 | 000,014,347 | ---- | M] () -- C:\Users\eg\AppData\Local\recently-used.xbel ========== Files Created - No Company Name ========== [2030.01.01 15:18:28 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2019.10.03 20:11:49 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2.lnk [2013.06.10 07:21:05 | 000,021,796 | ---- | C] () -- C:\Users\eg\Desktop\feierabendrunde.GPX [2013.06.06 07:45:09 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.15 16:54:40 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.15 14:24:22 | 000,014,347 | ---- | C] () -- C:\Users\eg\AppData\Local\recently-used.xbel [2013.04.28 12:54:03 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt_save_v8.db [2013.03.07 22:49:15 | 000,577,536 | ---- | C] () -- C:\windows\System32\ChilkatCsv.dll [2012.06.13 14:42:27 | 000,003,584 | ---- | C] 
() -- C:\Users\eg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.12 10:16:27 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt.db [2012.01.28 10:21:04 | 000,007,598 | ---- | C] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg [2011.09.02 09:20:13 | 000,000,297 | ---- | C] () -- C:\Users\eg\AppData\Roaming\rftg [2011.02.21 22:49:11 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Roaming\winscp.rnd [2011.02.20 13:11:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.19 17:12:23 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Local\PUTTY.RND [2010.09.02 20:16:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage [2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage [2013.05.20 12:18:39 | 000,000,000 | ---D | M] -- 
C:\Users\eg\AppData\Roaming\.easytag [2011.09.04 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.kde [2013.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.purple [2013.05.15 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Amarok [2012.12.29 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\APP_NAME_NON_STRING [2011.02.19 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Asus [2011.12.12 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\BatteryBar [2012.06.06 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Charles [2011.02.19 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.02.19 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2012.05.30 09:02:28 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dev-Cpp [2011.02.23 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dexpot [2013.06.13 07:33:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dropbox [2013.04.07 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\elsterformular [2013.04.28 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\esri [2013.05.02 20:52:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\EurekaLog [2013.06.10 07:30:16 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\FileZilla [2011.06.22 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Garmin [2012.01.28 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GeoSetter [2013.04.23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GetRightToGo [2012.08.04 08:11:39 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GHISLER [2011.10.06 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gnupg [2013.05.20 12:26:12 | 
000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gsak [2012.09.12 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gtk-2.0 [2012.11.01 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\ICAClient [2011.02.20 12:32:49 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\IrfanView [2012.01.11 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\LibreOffice [2011.06.29 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mobile Atlas Creator [2013.05.16 10:06:58 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mp3tag [2013.05.13 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\MyPhoneExplorer [2012.06.14 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Notepad++ [2011.03.12 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\OpenOffice.org [2011.02.20 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Opera [2012.12.29 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\PDF Architect [2012.12.29 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\pdfforge [2011.03.18 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Subversion [2012.10.16 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\The Carbon Project [2011.02.21 21:10:36 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Thunderbird [2011.02.19 16:19:34 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 909 bytes -> C:\ProgramData\Temp:DFE3A43A @Alternate Data Stream - 889 bytes -> C:\ProgramData\Temp:6297627A @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.06.2013 20:28:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eg\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free 3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS Computer Name: GONZO | User Name: eg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A01358-2621-45BB-BF25-D74BD3D220F5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{1156460D-3E84-497F-8C7C-E294EE248DE1}" = rport=139 | protocol=6 | dir=out | app=system | "{1AEC20B1-42E4-475B-8369-E1B29283D9F0}" = lport=137 | protocol=17 | dir=in | app=system | "{1E957AB1-37F6-494A-814D-7B667EC75200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{358B1C23-6DDB-413B-9D06-D5FF1B87FCF8}" = lport=138 | protocol=17 | dir=in | app=system | "{511EE379-17BA-441C-B551-1B23983FFB47}" = lport=445 | protocol=6 | dir=in | app=system | "{55A44C7B-1AC2-4FF8-9580-9164287E4E27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E59C946-5527-4C23-A8B1-95606F03EE47}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{6CE5FF9A-AA02-4618-9062-BD7D9490F9D3}" = rport=445 | protocol=6 | dir=out | app=system | "{95F1ADC4-97A3-46AB-B759-7F7D925E166C}" = lport=139 | protocol=6 | dir=in | app=system | "{960A7489-24CE-423B-AD5F-F8961215736C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2EEEBE4-7771-41C7-BDC6-84FFDBBAE9DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A864ECE1-658D-4391-AB4A-B7406D8B3848}" = rport=137 | protocol=17 | dir=out | app=system | "{A8F9EF69-7098-48E9-A737-B1F1B1959D28}" = rport=138 | protocol=17 | dir=out | app=system | "{AF40EDC5-C486-47D6-BD25-8CBFE76A36DE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x86\rpcsandrasrv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E45204E-D469-4A52-A247-A64C630886EB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{4191905D-5569-4313-94E0-79713A83F30E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4BAC7B52-45D2-4BCF-BD20-3C1144B4A0DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{51622140-93DA-49E7-86C3-76DA5918AF7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5B9A5092-F2B6-461D-9A4A-5617E253BB52}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5C4C9AB6-FBD0-41AA-B61C-C457D47AB5EC}" = protocol=6 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe | "{8C1EA0FE-EBAD-4ACE-93D3-EE7DF9638B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{93556778-0DBB-40C0-ABD8-D10C47781CCD}" = dir=in | app=c:\program files\common files\apple\apple application 
support\webkit2webprocess.exe | "{98EC341F-05DF-4F52-89A5-C7A1AF3F543C}" = protocol=17 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe | "{C334E5D2-21B1-4AA7-B03C-6D25926D1A01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C753CE21-D61C-44FD-BE47-9D45567A4EAC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{D7A2A282-4A4A-44AD-A42F-31EDD5BCD011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D98BCA2C-4039-435F-8BE0-5B791B36AA5E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{E8106E4E-BEA5-4420-971E-4188019F59F9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{F867830A-72CF-4610-835F-61E3BBDD297D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC06E007-AF96-4D3F-8F0C-5468F27FB0E5}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{02EA4E22-A842-4130-815F-779781A8C5D7}C:\users\eg\downloads\winscp.exe" = protocol=6 | dir=in | app=c:\users\eg\downloads\winscp.exe | "TCP Query User{4DAAF179-2409-4063-9C94-8C60D616B969}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{6C0FBDC3-DADB-4F39-9786-71456A160E79}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe | "TCP Query User{72CAE42C-446B-4959-AE97-56B5918A4F9C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{B38A1931-A176-4842-80B2-78F3EF707F07}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{C5433DE0-F98B-4599-A93D-80D1C34BBE44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{E124EDDB-33AC-4EEF-A743-2C0EC85DD8D4}C:\program files\java\jre7\bin\javaw.exe" = 
protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{F9697476-9BCA-45C1-8AB3-E4E498A58354}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{30F4FCF0-2FCB-49C8-B520-FCD7873E9C35}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{3FC7955A-070F-4575-8F24-89AB827188E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{95C5B411-F950-4F80-9E5C-B566B3DFA32D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{A1E2CCFF-DA77-4187-976B-3518196F21F0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{ABCC1B6E-7BDD-40D2-907B-A0B6E829623F}C:\users\eg\downloads\winscp.exe" = protocol=17 | dir=in | app=c:\users\eg\downloads\winscp.exe | "UDP Query User{D552B1ED-5F0D-40EF-9341-FF1D32F9139D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{DC35982E-A5E1-4D79-B184-0E436F08145A}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe | "UDP Query User{F57E98E6-D6D7-4B03-9505-D5C30D317FC4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in 
"{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}" = GraphicsSwitch "{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung) "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{336A2C72-3D31-42F8-B6C0-8D1135FA5B0D}" = RCH65 Spoiler Downloader "{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater "{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB) "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes "{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN 1.6.13.20954 (32 bit) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FF1B080-4BE2-4355-ABA6-7902494EA9C7}" = ArcGIS Explorer Desktop "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF16A7AB-D2FA-48E5-9251-8E4CD5C916E1}_is1" = GiMeSpace Desktop Extender 3D v3.1.0.28 (requires Vista or later, install the normal Desktop Extender when using XP!) 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside "{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero) "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe 
AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop "Avira AntiVir Desktop" = Avira Free Antivirus "BatteryBar" = BatteryBar (remove only) "CitrixOnlinePluginPackWeb" = Citrix Receiver "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CompeGPS_7_5_is1" = CompeGPS LAND 7.5.2 "CompeGPS_is1" = CompeGPS LAND 7.5.2 "CompeGPSDownloader_is1" = CompeGPSDownloader version 1.13 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "EasyTAG_is1" = EasyTAG 2.1 "ECW ActiveX Controls" = ECW ActiveX Controls 3.1.0.229 "Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL "ElsterFormular" = ElsterFormular "Ext2Fsd_is1" = Ext2Fsd 0.50 "FileZilla Client" = FileZilla Client 3.7.0.1 "GIMP-2_is1" = GIMP 2.8.2 "GnuPG" = GNU Privacy Guard "Google Chrome" = Google Chrome "GSAK_is1" = GSAK 8.2.1.180 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "IrfanView" = IrfanView (remove only) "Kyocera Product Library" = Kyocera Product Library "LG On-Screen Phone" = LG On-Screen Phone "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OOBERegBackup_is1" = OOBERegBackup "Opera 12.00.1467" = Opera 12.00 "pdfsam" = pdfsam "Picasa 3" = Picasa 3 
"Pidgin" = Pidgin "PS3 Media Server" = PS3 Media Server "ScreenSaverPatch_is1" = ScreenSaverPatch "Spoiler Sync_is1" = Spoiler Sync "SystemRequirementsLab" = System Requirements Lab "Totalcmd" = Total Commander (Remove or Repair) "TwoNav Tablet 2.5.2" = TwoNav Tablet 2.5.2 "TwoNav Tablet_is1" = TwoNav Tablet 2.5.2 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinMerge_is1" = WinMerge 2.14.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dexpot" = Dexpot "Dropbox" = Dropbox "Geocaching Live" = Geocaching Live "RouteConverter" = RouteConverter "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6084 Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6084 Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7239 Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7239 Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8253 Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledSPRetry 8253 Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9251 Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9251 [ System Events ] Error - 26.05.2012 10:11:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 26.05.2012 15:11:05 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.05.2012 14:46:45 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 30.05.2012 01:48:19 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 30.05.2012 07:10:29 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 31.05.2012 05:31:31 | Computer Name = gonzo | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 01.06.2012 01:43:35 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 01.06.2012 01:44:43 | Computer Name = gonzo | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 01.06.2012 01:45:10 | Computer Name = gonzo | Source = DCOM | ID = 10010
Description =

Error - 01.06.2012 05:45:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-14 17:23:20
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\eg\AppData\Local\Temp\uxldqpow.sys

---- System - GMER 2.1 ----

SSDT 8056A11E ZwCreateSection
SSDT 8056A128 ZwRequestWaitReplyPort
SSDT 8056A123 ZwSetContextThread
SSDT 8056A12D ZwSetSecurityObject
SSDT 8056A132 ZwSystemDebugControl
SSDT 8056A0BF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 822919F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 822D253C 4 Bytes [1E, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 822D2898 4 Bytes [28, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 822D28DC 4 Bytes [23, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 822D2958 4 Bytes [2D, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 822D29AC 4 Bytes [32, A1, 56, 80]
.text ...
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\PDF Architect\HelperService.exe[476] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\PDF Architect\HelperService.exe[476] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\wininit.exe[480] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\winlogon.exe[524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\winlogon.exe[524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\services.exe[568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\services.exe[568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\iPod\bin\iPodService.exe[580] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\iPod\bin\iPodService.exe[580] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\lsass.exe[596] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[708] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[708] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\nvvsvc.exe[780] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 
778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\nvvsvc.exe[780] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[848] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[848] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\svchost.exe[928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\svchost.exe[928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\svchost.exe[976] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\svchost.exe[976] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\PDF Architect\ConversionService.exe[1260] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\PDF Architect\ConversionService.exe[1260] 
SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1292] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\WLANExt.exe[1380] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\WLANExt.exe[1380] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\conhost.exe[1388] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\conhost.exe[1388] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\spoolsv.exe[1436] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\spoolsv.exe[1436] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\AsusService.exe[1888] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\AsusService.exe[1888] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 
.text C:\Program Files\Bonjour\mDNSResponder.exe[1932] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Bonjour\mDNSResponder.exe[1932] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\AsScrPro.exe[1944] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\AsScrPro.exe[1944] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\Dwm.exe[2056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\Dwm.exe[2056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\igfxpers.exe[2176] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\igfxpers.exe[2176] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\hkcmd.exe[2180] 
ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\hkcmd.exe[2180] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\Explorer.EXE[2196] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\Explorer.EXE[2196] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\iTunes\iTunesHelper.exe[2372] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\iTunes\iTunesHelper.exe[2372] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[2456] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[2456] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\igfxtray.exe[2520] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\igfxtray.exe[2520] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program 
Files\EeePC\SHE\SuperHybridEngine.exe[2568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Elantech\ETDCtrl.exe[2832] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Elantech\ETDCtrl.exe[2832] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\nvvsvc.exe[2908] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\nvvsvc.exe[2908] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[3140] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[3140] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3404] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Windows Media 
Player\wmpnetwk.exe[3404] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\igfxsrvc.exe[3496] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\igfxsrvc.exe[3496] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\wbem\wmiprvse.exe[3664] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\wbem\wmiprvse.exe[3664] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\taskhost.exe[4064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\taskhost.exe[4064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] 
SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[7920] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[7920] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab1478
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab1478 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
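Triage of the GMER log above, as an added example (editor's code, not part of the original post and not GMER's own output). Three things in the posted log are worth checking mechanically rather than by eye: both user-mode hooks (ntdll.dll!LdrQueryImageFileExecutionOptionsEx at 778ACE48 jumping to 7FFA0000, SHELL32.dll!ShellExecuteExW at 768F1DF6 jumping to 7FF90000) appear with identical addresses in every listed process, from wininit.exe and lsass.exe down to the GMER executable itself; the six SSDT handlers lie within 0x73 bytes of one another, i.e. inside a single driver; and the 4-byte patches GMER reports under KeRemoveQueueEx decode, little-endian, to exactly those SSDT handler addresses (for example [1E, A1, 56, 80] is 0x8056A11E, the ZwCreateSection entry), so they are the same hooking seen from the table side. A hook set that is uniform across all processes is the footprint of something installed system-wide (a resident security product injecting into every process is the common case) rather than of a process-targeted implant, whereas a hook that shows up in a single process deserves a closer look; the log alone does not say which driver owns the addresses, and the script below only sorts the evidence. The script assumes a 0.8 "present in most processes" threshold (my choice, not a GMER value), and its sample input copies real lines from the log plus one constructed NtQueryDirectoryFile hook that is not in the posted log, added only to show what an outlier looks like. Separately, note that the OTL event-log errors above date from May, June and September 2012, a year before this post, so they say little about the current CPU problem.

```python
"""Triage helper for GMER hook listings (added example, not from the post or GMER)."""
import re
from collections import defaultdict

# User-mode hook line, e.g.
# .text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
USER_HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<symbol>\S+!\S+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)")
# SSDT entry, e.g.  SSDT 8056A11E ZwCreateSection
SSDT_HOOK = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<service>Zw\w+)")
# 4-byte kernel patch, e.g.  .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 822D253C 4 Bytes [1E, A1, 56, 80]
KERNEL_PATCH = re.compile(
    r"^\.text\s+(?P<module>\S+)!(?P<symbol>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+4 Bytes\s+\[(?P<bytes>[^\]]+)\]")


def _lines(log_text):
    return [line.strip() for line in log_text.splitlines()]


def ssdt_entries(log_text):
    """Map handler address -> Zw service for every SSDT line in the log."""
    found = (SSDT_HOOK.match(line) for line in _lines(log_text))
    return {int(m["addr"], 16): m["service"] for m in found if m}


def summarize_user_hooks(log_text, min_share=0.8):
    """Group user-mode hooks by (hooked symbol, jump target). A hook present in
    at least min_share of the hooked processes is 'systemwide' (what a product
    that injects into every process looks like); the rest are 'outliers' that
    deserve a closer look. min_share is an assumed threshold, not a GMER value."""
    by_key, processes = defaultdict(set), set()
    for m in (USER_HOOK.match(line) for line in _lines(log_text)):
        if not m:
            continue
        proc = f"{m['image']}[{m['pid']}]"
        processes.add(proc)
        by_key[(m["symbol"], m["target"].upper())].add(proc)
    out = {"processes": len(processes), "systemwide": {}, "outliers": {}}
    for (symbol, target), procs in by_key.items():
        bucket = "systemwide" if len(procs) / len(processes) >= min_share else "outliers"
        out[bucket][f"{symbol} -> {target}"] = sorted(procs)
    return out


def ssdt_span(log_text):
    """Distance between the lowest and highest SSDT handler address. Handlers
    packed into a few hundred bytes point into one driver; a wide spread
    suggests more than one owner."""
    addrs = list(ssdt_entries(log_text))
    return max(addrs) - min(addrs) if addrs else 0


def kernel_patches_pointing_at_ssdt(log_text):
    """Decode each 4-byte kernel patch as a little-endian pointer and report
    which SSDT handler it equals, i.e. table slots rewritten to those handlers."""
    ssdt = ssdt_entries(log_text)
    hits = {}
    for m in (KERNEL_PATCH.match(line) for line in _lines(log_text)):
        if not m:
            continue
        ptr = int.from_bytes(bytes(int(x, 16) for x in m["bytes"].split(",")), "little")
        if ptr in ssdt:
            hits[f"{m['symbol']} + {m['off']}"] = ssdt[ptr]
    return hits


# Constructed sample: SSDT, kernel-patch and a few user-mode lines are copied from
# the posted log; the NtQueryDirectoryFile line is invented here as an outlier.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----
SSDT 8056A11E ZwCreateSection
SSDT 8056A128 ZwRequestWaitReplyPort
SSDT 8056A123 ZwSetContextThread
SSDT 8056A12D ZwSetSecurityObject
SSDT 8056A132 ZwSystemDebugControl
SSDT 8056A0BF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 822919F5 1 Byte [06]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 822D253C 4 Bytes [1E, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 822D2898 4 Bytes [28, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 822D28DC 4 Bytes [23, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 822D2958 4 Bytes [2D, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 822D29AC 4 Bytes [32, A1, 56, 80]
---- User code sections - GMER 2.1 ----
.text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\wininit.exe[480] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\winlogon.exe[524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\winlogon.exe[524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\lsass.exe[596] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\Explorer.EXE[2196] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\Explorer.EXE[2196] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\Explorer.EXE[2196] ntdll.dll!NtQueryDirectoryFile 77890000 5 Bytes JMP 00C40000
"""

if __name__ == "__main__":
    import json
    print(json.dumps({"user": summarize_user_hooks(SAMPLE_LOG),
                      "ssdt_span": ssdt_span(SAMPLE_LOG),
                      "ssdt_patches": kernel_patches_pointing_at_ssdt(SAMPLE_LOG)}, indent=2))
```

Run it against the full GMER.log instead of SAMPLE_LOG (read the file into log_text) and the "outliers" bucket is the short list to look at first; the kernel-patch cross-check shows five of the six SSDT entries because the sixth 4-byte line is hidden behind GMER's truncated ".text ..." in the posted log.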