Avazutracking Virus
Hello,
It seems I have caught the avazutracking virus. At irregular intervals a tab opens in my browser that tries to redirect me to some page. Can you help me get rid of it?
I have already run Defogger, OTL and GMER. With Defogger I am not sure whether everything ran correctly.
Defogger: Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:42 on 20/06/2013 (Benedikt)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL: Quote:
OTL logfile created on: 20.06.2013 14:31:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benedikt\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 74,67% Memory free
6,50 Gb Paging File | 5,40 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 36,83 Gb Free Space | 15,81% Space Free | Partition Type: NTFS
Computer Name: PC-BENEDIKT | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
PRC - [2013.06.20 14:26:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Downloads\OTL.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.03.15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.16 01:53:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.10.11 16:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012.09.13 01:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.09.13 01:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012.09.13 01:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012.09.13 01:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012.09.13 01:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012.09.13 01:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012.09.13 01:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
========== Services (SafeList) ==========
SRV - [2013.06.12 19:59:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.01 20:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.16 01:53:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2013.06.19 14:01:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.24 12:38:54 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013.04.24 12:38:53 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.10.31 02:18:23 | 000,489,048 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\2070810drv.sys -- (2070810drv)
DRV - [2012.10.31 02:10:41 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.31 02:10:41 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.09.21 21:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2012.09.21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2006.11.02 09:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{92FA829A-F713-49B9-9CA8-408037C9FEC4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=61BB70DF-B34A-48DB-822F-94894E9CF5B4&apn_sauid=15E67E30-34D9-4FD7-B155-A86E70D5D055
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://proxy.kodak.com:81/proxy.pac
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.11.18 19:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.16 20:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\components [2013.03.05 14:13:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.05.17 22:11:27 | 000,000,000 | ---D | M]
[2012.10.31 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2013.06.11 22:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\2sthi553.default-1370976688492\extensions
[2013.06.11 22:48:06 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\firefox\profiles\2sthi553.default-1370976688492\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21BB9A4A-CB0B-48C3-BF0D-2DE5D9342749}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.16 13:45:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Fatshark
[2013.05.22 17:32:24 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2013.05.22 17:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.22 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.10.31 00:06:37 | 017,804,184 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.10.31 00:06:37 | 000,157,712 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2012.10.31 00:06:37 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2012.10.31 00:06:37 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.10.31 00:06:36 | 002,850,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.10.31 00:06:36 | 000,813,976 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.10.31 00:06:36 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.10.31 00:06:36 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.10.31 00:06:36 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.10.31 00:06:36 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.10.31 00:06:36 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.10.31 00:06:36 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.10.31 00:06:36 | 000,271,768 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.10.31 00:06:36 | 000,193,168 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.10.31 00:06:36 | 000,171,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.10.31 00:06:36 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.10.31 00:06:36 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.10.31 00:06:36 | 000,142,744 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.10.31 00:06:36 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.10.31 00:06:36 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.10.31 00:06:36 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.10.31 00:06:36 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.10.31 00:06:36 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.10.31 00:06:36 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.10.31 00:06:36 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.10.31 00:06:36 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.10.31 00:06:36 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.10.31 00:06:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.10.31 00:06:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.10.31 00:06:35 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2012.10.31 00:06:35 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.10.31 00:06:35 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2012.10.31 00:06:35 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.20 14:29:40 | 000,000,000 | ---- | M] () -- C:\Users\Benedikt\defogger_reenable
[2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
[2013.06.20 13:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.20 12:43:10 | 000,025,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.20 12:43:10 | 000,025,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.20 12:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.20 12:35:40 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 14:01:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013.06.14 02:00:44 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.14 02:00:44 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.14 02:00:44 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.14 02:00:44 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 23:49:40 | 000,139,112 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.06.07 23:49:30 | 000,280,792 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.06.07 23:47:42 | 000,280,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.06.03 03:37:34 | 000,315,445 | ---- | M] () -- C:\Users\Benedikt\Documents\HS Arbeit Geschichtsdidaktik.pdf
[2013.06.02 23:51:41 | 000,307,229 | ---- | M] () -- C:\Users\Benedikt\Documents\HS-Arbeit Benedikt Trampisch.pdf
[2013.05.23 02:38:24 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.20 14:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Benedikt\defogger_reenable
[2013.06.20 14:26:42 | 000,050,477 | ---- | C] () -- C:\Users\Benedikt\Desktop\Defogger.exe
[2013.06.03 03:37:31 | 000,315,445 | ---- | C] () -- C:\Users\Benedikt\Documents\HS Arbeit Geschichtsdidaktik.pdf
[2013.06.02 23:51:40 | 000,307,229 | ---- | C] () -- C:\Users\Benedikt\Documents\HS-Arbeit Benedikt Trampisch.pdf
[2013.05.23 02:38:24 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.08 21:43:09 | 000,139,112 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.04.08 21:43:08 | 000,138,056 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\PnkBstrK.sys
[2013.04.08 21:42:30 | 000,280,792 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.04.08 21:42:18 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.10.31 07:05:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.31 07:05:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.10.31 07:05:39 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.31 07:05:39 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.31 00:06:36 | 009,453,213 | ---- | C] () -- C:\Program Files\omni.ja
[2012.10.31 00:06:36 | 003,023,256 | ---- | C] () -- C:\Program Files\mozjs.dll
[2012.10.31 00:06:36 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files
[2012.10.31 00:06:36 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete
[2012.10.31 00:06:36 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2012.10.31 00:06:36 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2012.10.31 00:06:36 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.10.31 00:06:35 | 000,047,129 | ---- | C] () -- C:\Program Files\blocklist.xml
[2012.10.31 00:06:35 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2012.10.31 00:06:35 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2012.10.31 00:06:35 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini
[2012.10.31 00:06:35 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2012.10.30 23:47:59 | 000,017,408 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\WebpageIcons.db
[2012.10.30 23:25:28 | 000,000,182 | ---- | C] () -- C:\Windows\wininit.ini
[2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.02.26 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Amazon
[2013.01.12 02:54:36 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\APP_NAME_NON_STRING
[2013.04.07 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\cge
[2012.11.07 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.07 23:13:26 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.06.16 13:45:06 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Fatshark
[2012.11.15 01:20:11 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Leadertech
[2012.10.31 00:44:35 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\OpenCandy
[2013.01.12 02:54:00 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\pdfforge
[2013.06.05 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Spotify
[2012.11.18 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Swiss Academic Software
[2013.02.03 18:07:35 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\The Creative Assembly
[2012.12.15 19:32:00 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\TS3Client
[2012.11.01 18:18:19 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\wargaming.net

========== Purity Check ==========
< End of report >
| Extras: Quote:
OTL Extras logfile created on: 20.06.2013 14:31:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benedikt\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 74,67% Memory free
6,50 Gb Paging File | 5,40 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 36,83 Gb Free Space | 15,81% Space Free | Partition Type: NTFS
Computer Name: PC-BENEDIKT | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0946BD2D-7D1D-4F27-AA7D-C922DF1507C0}" = rport=137 | protocol=17 | dir=out | app=system |
"{1309ABA2-3F3F-469F-86AF-759940C27FD9}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{133A03A9-D787-437D-98EB-85AC936E6394}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{29540AA9-1F75-4445-99A9-05E0F8B61000}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B3F2051-74F9-4010-A68D-F40A737BB763}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{3BA889A6-5F34-4B63-A170-ED685DBE3813}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C9512B4-85A1-43F9-8CCB-A0EC2E895379}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CFE285D-D906-4EA4-90D8-2CCE287B86B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F6E1684-EE28-4F04-91B5-293166920A75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{649E26BD-DF02-42F9-B31F-697D1343142B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6567B860-CCC3-43B0-8A88-5C2825FB88EE}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{6AB9D2A7-31A8-44F4-BEA3-4A6259F79C5F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C0E428A-B70B-4F30-B712-2332887BA6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EC056BB-E9DA-4E8A-BCD7-DA62FEBF483E}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{8B5D1E66-1C23-4B9E-A288-D79B18DA46C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AE1900C-06C5-4B35-A869-6EE7899B37F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B634F0B-2C1A-451C-9B22-D91A788322F4}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{9F0714E5-37FE-4314-83E0-7BED8D5D4BBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AABD17E1-37FA-4772-851F-0AF81EBF278B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE425703-36AD-4933-9861-C62AE4C3301D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF6724B8-E27C-4BBF-9D0E-5201054C193E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0282FFD-8EE9-4B60-A3D4-C48C9BA54C14}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{B41CC502-D272-4FE6-ACEB-DDA189355602}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{C055A98D-657E-4660-A8FE-C18E2687BBD6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0441652-61B8-44A1-8259-4F5B4E5E3384}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D40D6101-2E32-4835-93A1-19AB69657D66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DAEF2C7C-62DD-4B22-BCC0-BFB04A78B757}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0E60247-53F6-454F-83E0-80855FA92CA1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1B90164-3BF6-441E-83A8-06185B3EBED6}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{E58C5620-FDD0-4C6A-B253-676A0B0BF842}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E638400F-817A-4CEB-9687-5C956CED3B17}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0BB3DF8-A237-4645-95C4-3EB024AE789E}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{F0C2D492-855B-4016-8960-D4B6630CCFBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD2A8E6-12EA-4E49-8700-A167125B4CC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{0E33C3C7-E2CD-4F60-9394-1D858B6492D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{11BCE032-D57A-454F-B830-4DE5FBAC2A66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{17080A8C-5E3D-49FB-9CB5-5246B4C00F97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{1AB2DA45-8934-43CF-8BB1-D56F1B33E818}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{1FC507CA-D17C-48FB-9A80-67A8F00972D0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{2042170F-A4BB-4035-80F4-6A0060DA5215}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{249C2261-A9BD-461A-BE2B-965FF356E808}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{25B0845A-CB63-4589-BD1E-6508EB5B5AA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26E334DA-E6FD-4B4F-8E3D-2F18F4DD272D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{2A59FAEA-7215-4E0C-B6D2-ECAA696CF521}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F342093-BF53-4673-BEE3-B8367D936B5D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{37EB6150-B5C3-4371-A01B-56DAAA1CD11E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C13E9B5-09D0-43B1-9075-A40460FD3245}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{3C9562EE-A013-4956-9BF8-4ACC7AA12279}" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{3EC77A3C-54D0-4EDF-83EF-71C174941089}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{456A3B74-5946-40FC-A079-892A6A77D545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48BB89A5-4863-4CAA-8A69-5607120E73C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51293086-C298-4EE8-961B-4B471FF87407}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"{53FC7F4E-D0B3-4F5A-BFBC-08856EF23261}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{55996118-EFFD-4C9E-9B66-8ED377AEE4F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{57338B80-D4D7-4D1B-B8E8-2BA4D29A1787}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DC96BBB-65C0-43DB-88FD-D31D288DE1A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5FAF19AC-07A3-495F-942E-2650B4624535}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{5FB8F70B-0D06-404F-A52F-C20B1D1F2A24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60767204-32F5-43DF-A833-80CE45405740}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61562684-F222-40EB-82E6-D077C961F107}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{615E1C68-4AAE-4659-940C-DD38E836A54D}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\steam.exe |
"{6D8643FB-870C-4AC7-9740-DFB72B871643}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{6FA057B1-5611-48A1-9C22-27E4BB74DA1B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{6FBA2246-CF01-4591-8C92-21FBF14ED8E3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{7568A89C-34B1-4663-AFE2-6405A3B76253}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ss2\shock2.exe |
"{762B787A-9B71-44D6-85E6-FABDCA3CE41C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ss2\shock2.exe |
"{7A1CEA61-7FF1-41EE-AC85-C8D27CE5BCF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{828B0B18-EDF5-430D-BC3E-E196BAC2567A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{865979E6-E383-415F-886E-8192EA2D59E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8661838E-DA83-47B7-858D-27A6C50598B8}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\steam.exe |
"{8FF36C4D-FCBD-48DC-AD53-AF3DEBC9D9D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{92989266-7118-40F3-8FB9-10A306A6B7E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9608DD98-9E72-4FAF-BB38-B2D2C1815318}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{966B3A8D-C54B-453F-969A-77A6634293D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A24E8E10-BDF5-45CF-A203-5487979C0EC7}" = protocol=6 | dir=out | app=system |
"{A34DD5BB-15C4-49FD-BAB0-7C01AF04F953}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war of the roses\run_game.exe |
"{A6B8B7F2-D7B5-463C-819E-29A599EC6A9D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{B4640B26-BAFB-413E-BBE4-BA19BBC438B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BA505499-AF4B-46B4-88F0-AA60C5D6EFE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{BAE1538B-3309-4CA0-B1E6-278B5E474A00}" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{BB1C5A3C-D425-4C00-8591-00E7B6AB14AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB8BF51A-21C2-4B15-A85B-040908825135}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{BC284AF3-B644-40F4-938C-09D8331CE04A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBC7012D-448D-4839-9104-B542C8C36D28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFF1FB01-79D4-4371-ADA0-E42937B5B1CF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war of the roses\run_game.exe |
"{D1E1EA37-656D-43C2-9B99-41C580B2715D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D45D1E65-0504-4863-AB9B-718F5486F378}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DEA720E0-E313-4189-8EE0-CA533051DAE4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{E1F077B4-CC9C-484A-8E63-9E91D1BD420D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{E5C7A67D-1090-4DDD-A924-A5A9D6621097}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"TCP Query User{10DEC032-8B85-4A50-ADC3-9550DFEE93E5}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{1ABAE064-6F29-4467-9B13-B7444B191CE5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{25529F62-C2FF-4B93-BD8C-5D011B0375E3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{46CE47B1-D0E5-4620-A12E-D8B85FAE44A4}C:\users\benedikt\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\skype.exe |
"TCP Query User{4822B3FE-F0F9-4ECB-8A3A-D6C489D49129}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{7120640E-BDE3-41DD-A0C8-E8C33A480193}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9CA19F5B-4D30-46D3-A697-AAC81E306EEA}C:\program files\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files\war thunder\aces.exe |
"TCP Query User{A99B2AB6-6F65-4A06-9D7C-FBF18E58283F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BAA65AAF-9C39-4EF0-917A-836F9879711C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{C0DDB666-11E9-4993-B69B-9DD64F3896C3}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{CCD40A2F-8E57-48AB-AE57-179EA6B0B244}C:\program files\war thunder\launcher.exe" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe |
"TCP Query User{E52279CB-9B67-49CC-8132-7F281B69A349}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{005471DE-AE02-41EF-9DF9-1DF2DBB4B68A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{0A493789-7EF2-4C49-8AB7-AA7588DA6F90}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{0E4E8FBA-3CB3-4BAC-9959-AED1142BD9A3}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{10270BBB-9617-46B2-927B-DB59CFA53FED}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2786953D-C955-4201-A661-DD348527E88C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{336F3C4B-F7C7-434F-A41A-C3C173F958C2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{4D1AE8F1-7A28-4E81-BED9-F163926C745F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{8CE9467C-BA13-4B55-BAD9-7C5A7EAC186E}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8F71B85D-4407-4E44-B384-B585E7FBFF0F}C:\program files\war thunder\launcher.exe" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe |
"UDP Query User{9AED9911-C1E5-4EEB-8418-51E111783566}C:\users\benedikt\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\skype.exe |
"UDP Query User{EB290113-2DAF-43D7-986C-A478D04C049C}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe |
"UDP Query User{ECD535B8-F185-4C05-833F-9669DEADD4B2}C:\program files\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files\war thunder\aces.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.164
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}" = KODAK Share-Tastenanwendung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows-Treiberpaket - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"cge" = Cambridge Grammar of English
"DivX Setup" = DivX Setup
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PunkBusterSvc" = PunkBuster Services
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 224780" = Rising Storm Beta
"Steam App 238210" = System Shock 2
"Steam App 35450" = Rising Storm/Red Orchestra 2 Multiplayer
"Steam App 42160" = War of the Roses: Kingmaker
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.06.2013 15:45:09 | Computer Name = PC-Benedikt | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
geschlossen. Programm: Kaspersky Anti-Virus Datei: Der Fehlerwert ist im Abschnitt
"Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut.
Diese
Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei
zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator
überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem
Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z.
B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem,
indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
/F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie
wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien
auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp:
0
Error - 15.06.2013 07:33:46 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 16.06.2013 06:53:48 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 16.06.2013 07:43:56 | Computer Name = PC-Benedikt | Source = VSS | ID = 8194
Description =
Error - 17.06.2013 06:27:26 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 17.06.2013 13:50:41 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 18.06.2013 06:48:13 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 18.06.2013 14:46:36 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 19.06.2013 07:45:14 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
Error - 20.06.2013 06:37:29 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 06.04.2013 21:19:28 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv
Error - 06.04.2013 21:21:29 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.04.2013 21:21:29 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 07.04.2013 06:17:18 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv
Error - 07.04.2013 06:27:02 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv
Error - 07.04.2013 06:29:03 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 07.04.2013 06:29:03 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 08.04.2013 05:26:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv
Error - 08.04.2013 05:28:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.04.2013 05:28:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
| GMER: Quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-20 16:00:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 SAMSUNG_SP2504C rev.VT100-50 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xAB08E6BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0xAB041C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0xAB041F4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0xAB042390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xAB02A28C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xAB0418DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xAB02A804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xAB02A6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xAB041DAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xAB091528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xAB02A924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xAB0909BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0xAB090BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0xAB090660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xAB041E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xAB090506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xAB02A2D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xAB08E7FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xAB08E464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xAB091320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xAB04006C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xAB02A89A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xAB02A77A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xAB0900AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xAB0917D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xAB02A9BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xAB090718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0xAB02AA44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xAB04027A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xAB0911D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xAB042174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xAB042002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xAB0420B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xAB0421E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xAB090EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xAB041A6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xAB09105C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xAB02AAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xAB08E56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xAB09024E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xAB090DA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xAB02AAF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xAB0903AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xAB0908B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xAB09193C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xAB091666]
INT 0x51 ? 9F2DECD8
INT 0x52 ? 9E4877D8
INT 0x61 ? 9F1A4058
INT 0x62 ? 9F1A42D8
INT 0x72 ? 9E487CD8
INT 0x82 ? 9E487058
INT 0x92 ? 9E487A58
INT 0x93 ? 9F1A4CD8
INT 0xA2 ? 9F2DEA58
INT 0xA3 ? 9E4872D8
INT 0xB1 ? 9E426CD8
INT 0xB3 ? 9E487558
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D E2A579F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E2A911F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 E2A9841C 4 Bytes [BA, E6, 08, AB]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF E2A98444 8 Bytes [02, 1C, 04, AB, 4A, 1F, 04, ...] {ADD BL, [ESP+EAX]; STOSD ; DEC EDX; POP DS; ADD AL, 0xab}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 E2A98488 4 Bytes [90, 23, 04, AB] {NOP ; AND EAX, [EBX+EBP*4]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F E2A984B4 4 Bytes [8C, A2, 02, AB]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 E2A984D8 4 Bytes [DC, 18, 04, AB] {FCOMP QWORD [EAX]; ADD AL, 0xab}
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Benedikt\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- EOF - GMER 2.1 ----
| Many thanks in advance |