GUV Trojan ... RKIT etc. Hello dear helpers,
unfortunately I am now one of those who got hit too.
Unfortunately I thought my virus scanner could solve the problem, but it couldn't :(
Then I came across this board and am hoping for help ... THANKS in advance.
Here is what I have already done:
Defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:55 on 22/07/2012 (Guido)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL log:
OTL logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Guido\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
PRC - [2012.07.19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:10:23 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:10:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.09 14:15:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
========== Modules (No Company Name) ==========
MOD - [2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
MOD - [2012.07.12 05:10:15 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.19 09:32:19 | 020,313,384 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.06.19 09:32:17 | 000,895,312 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:32:15 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.06.19 09:32:13 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:32:11 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2011.11.05 19:28:07 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Win32 Services (SafeList) ==========
SRV - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.19 09:06:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 05:10:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.15 09:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
========== Driver Services (SafeList) ==========
DRV - [2012.05.08 09:10:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 09:10:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 DB AA C0 20 61 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10850D83-343F-406A-A45B-D91E3E8634B9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 09:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
[2011.10.07 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions
[2012.05.28 22:16:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions\ffxtlbra@softonic.com
[2012.03.18 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GUIDO\APPDATA\ROAMING\14001.001
[2011.12.21 10:04:00 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.12 09:46:14 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 09:06:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 10:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 10:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 10:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 10:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 10:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 10:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EA Core] "D:\Laufwerk 01 - Spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A93ED40-A503-40DE-9B83-20D6EA37AAFB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C971016A-A13B-4E3B-8E35-373D9464C53F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Guido\AppData\Roaming\appconf32.exe) - C:\Users\Guido\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.22 10:25:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.20 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.002
[2012.07.20 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.20 18:48:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.02 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{C2FB2A83-EF1B-46C0-B383-9D4ED7A95413}
[2012.07.02 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{401FEA2C-C3C0-41DF-958D-9C9B47EE4A7B}
[2012.07.02 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{9022BCDE-90C6-47AD-9C49-5A998876DD98}
[2012.07.02 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{A4DF6914-2424-4C1C-A627-9D1E1C50B99C}
[2012.06.28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{7B0F5608-0956-4D5A-86AE-32169B9B451A}
[2012.06.28 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{2FF35CC5-C97C-43B1-904B-E23E766FEE80}
[2012.06.28 10:00:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.28 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{1D667315-0D10-4F83-8A10-96098EE0F2F2}
[2012.06.28 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{4EA823DB-6CA8-45D5-B717-CE9F0C1C4C0D}
[2012.06.28 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{B18A71C7-E036-4666-8EB6-8C4140AA50FB}
[2012.06.28 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{72C3D745-1C7F-44D8-93D7-C24ACCEC93FA}
[2012.06.27 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Skype
[2012.06.27 13:58:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.27 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\Macromedia
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.07.22 13:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 13:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 12:55:30 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 12:29:12 | 000,000,017 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.22 10:26:53 | 000,302,592 | ---- | M] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.22 10:25:13 | 000,050,477 | ---- | M] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.22 10:10:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 17:15:59 | 000,007,173 | ---- | M] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | M] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | M] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | M] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | M] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.20 23:20:06 | 000,268,992 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.07.17 09:53:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.17 09:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 09:49:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 19:55:53 | 000,001,887 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 19:07:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:24:56 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 15:45:37 | 000,138,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | M] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.07.22 12:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:51 | 000,302,592 | ---- | C] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:08 | 000,050,477 | ---- | C] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | C] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | C] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | C] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | C] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | C] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.21 01:04:01 | 000,000,017 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.20 23:20:06 | 000,268,992 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.13 19:55:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 19:55:53 | 000,001,887 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 15:45:37 | 000,138,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | C] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[2012.05.01 13:08:16 | 000,004,155 | ---- | C] () -- C:\ProgramData\wchswdhf.hou
[2011.12.19 13:51:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.07 22:30:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.07 22:14:39 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.09.25 16:15:40 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.02.16 11:22:01 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.16 11:22:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.16 11:22:00 | 001,462,272 | ---- | C] () -- C:\Windows\System32\mmc.dll
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\Guido\AppData\Roaming\appconf32.exe
[color=#E56717]========== LOP Check ==========[/color]
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.07.17 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dexpot
[2012.07.22 13:06:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.01.27 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GHISLER
[2012.05.03 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.07 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\IrfanView
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.02.17 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2012.02.17 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2012.04.07 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Origin
[2012.02.17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Outlook
[2011.12.19 13:51:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2011.10.10 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ProtectDISC
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.02.17 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Uniblue
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,019,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Log from OTL - Extras, HTML code:
OTL Extras logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Guido\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87FC15-85F4-4FC7-A205-7FACA629F142}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1422CF8F-FA48-4CD7-B3F4-AA8884450F1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B274725-6B6B-428E-A997-2112CADE9DD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C80EF7C-9196-4B0C-BA70-74B78DE64A3D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2257825C-D697-4DDA-8E2C-8C8B9FE23A69}" = rport=139 | protocol=6 | dir=out | app=system |
"{282EF124-8FAC-4A35-8711-DD7FB3016FF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{303FA16C-C8E8-45C4-ADB8-F7F940495D06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{35CEA49E-C965-4DA6-B40A-DC2E64104F4D}" = rport=138 | protocol=17 | dir=out | app=system |
"{375E99A0-C8A8-4CAC-903F-65AF689FAFE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43D59A3B-732A-432E-A23D-3CEFAD0848E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{50BACEAE-C876-42CB-B561-746D277D80D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{721C96A7-060E-4B4D-858C-C0F0DCC4B496}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F4009CE-A26A-419B-B13B-14DC262A5B42}" = lport=445 | protocol=6 | dir=in | app=system |
"{91BC4E61-9519-4266-A2F7-92FD84AADF1F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{94D63662-7837-4D63-889D-52F41708C1BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C4F056A-B635-4FB6-BC2E-B0D5BD0D0325}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A25A2C63-93C6-45DD-8BB6-38CA19A3F0D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DAEC9B-BED9-42B5-AA14-030EABA7F2D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB14BC27-0339-4315-AFCF-A0F5232B30C4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B33A78AC-333E-455E-8EF1-840C3E886D06}" = rport=137 | protocol=17 | dir=out | app=system |
"{D34FBB6F-D9FB-4DB8-852B-B60A5675CC2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2BA3C2F-4C81-4D58-BC19-1BD4E75D1B30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3A06A12-A641-4387-915F-AA72B48A2579}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCA9678C-4520-4840-996D-4B3650729C53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CED399-6794-4E96-9650-4FDAA508DBA0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{0A583036-8C42-4311-B68B-31010D5C3338}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe |
"{103AFD8C-8694-4537-935D-031A76F08DDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{14A41881-DD07-48B4-BC22-5B8CAFD36D4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15B93DB8-5935-41B6-93A3-A9306144ECA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18BFA096-8D30-42AE-A77C-5D3CDC687522}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{18D79A62-179F-4A2C-8D3C-87F75E65D9F7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{19E5CB78-4AAD-42B4-AEB7-4A085C08F120}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EF2F8E9-8F76-4760-95B2-719112AE4E6B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe |
"{29850D3D-F2C3-4B4C-B4F7-F3EB28B5E8E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{29D7805A-2D16-4DC0-8681-C8A726883D4C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{329FC300-709B-46FE-8DDB-39A7546C6533}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe |
"{3836FB6A-8936-4F7F-AA9C-952B961D28B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3B2CC343-C021-4E19-957C-FECC80E8D70F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{3BC2E57B-372C-46EE-ACA3-54F4361177D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D7439FC-C628-4D42-BACA-270FBD5C15EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{4C898DF4-B9BB-4788-911E-A88A1121AAF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{50674CD6-6DA6-4D14-85DC-1F7A3B359D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{542B756F-4E7A-4A47-92B1-3EEF5E76E792}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{54DDFC34-8D1A-4A9F-8B26-EACD8953E2B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe |
"{5B94EC02-4E83-41C1-B09D-DF459A9FAC2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{5D3AD77C-68B1-4081-BA17-E2F494F4CF25}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{5FE4F010-D440-4754-97F9-56416F37ED6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{66C6DA7C-4FBD-4423-BE64-56F5ADEC33E1}" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C80CCEA-2613-4A83-9990-3030DCA4B697}" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"{6EDF1C49-18C8-4831-86D3-D0EE6A1E9E56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{6FBFBEEE-2DA1-4A24-A290-E911661101B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{777D9387-D6B2-4AB7-B663-B8668B844A2B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe |
"{7A369D79-0C80-4505-A349-A7890A220F65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe |
"{7A9FBD53-829C-46EA-B5D9-C3FC705580B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{83ACDC5C-4BBA-4DCC-A4A7-F1419F173F52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{89AF6A07-331F-42FC-979C-7B2A9CDC8EC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AB67688-BA20-40CA-A734-7F196FCAB6DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe |
"{8D9A7686-70EF-4C01-A208-219ACB50C05D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99488DFC-128B-4850-8CA2-582FB21CF87B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{9B75E4AB-B90B-4EF3-B101-1843DCE8C4DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EDCA419-1022-495E-802A-B70DB370F0D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe |
"{A4A5647C-C2D6-4F18-88D1-1A34CC75577F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7436D02-36B8-4476-9635-5C25168ED5A3}" = protocol=6 | dir=out | app=system |
"{B04EF0CD-9BA9-4943-9674-D437CD66980B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B26C2BB2-B7B8-4ECA-8AFF-7734FE9D712B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF870978-7C85-4D2F-B302-15D1A7829AB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C79C6E93-E73D-4442-8436-41DC74A8E21E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6C8E854-6427-450E-BD50-9B1EE9938218}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBD97CA3-11E5-42C6-87AD-381BBBFCEC6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBDFB598-9079-45CC-8686-33EAA0547163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F03B5F33-83D9-4D6D-88A4-EC169F0D83E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB47F649-B7DC-4C4A-89E2-00C9EE713DC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4ABCAE1B-3E35-4FC8-A7E1-FF125A8A105E}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe |
"TCP Query User{59458B5A-02A8-4152-99F3-BAD935E0D361}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{7182A5FC-5B0E-46E3-9DA3-3D37E895095D}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe |
"TCP Query User{D1A227E8-8665-4D5F-A7CA-BFDC05C070B1}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=6 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe |
"TCP Query User{E4A36864-7508-43A4-B721-4B266A0684BF}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{03B78B4B-619B-4FC6-99BB-30BECB219D5A}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{05826A24-97BF-444A-ADD7-99939F1BBAB4}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=17 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe |
"UDP Query User{521855A8-2AB2-4AC6-AA83-083D76B6A99C}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe |
"UDP Query User{6971F20C-3D2F-4F3F-B1BC-5CEC50C79C09}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe |
"UDP Query User{CFF06AEF-DFD1-49B3-9AB9-DBD86E6FBE17}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C86FD824-E01A-4C78-9A56-39FF2E4FBDA5}" = TheBat! Home v5.0.36
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ccpWinGUI" = ccpWinGUI 1.23
"DivX Setup" = DivX-Setup
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"NAC SPORT BASIC" = NAC SPORT BASIC
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"softonic" = Softonic toolbar on IE and Chrome
"Steam App 13520" = Far Cry
"Steam App 15300" = Tom Clancy's Ghost Recon
"Steam App 19900" = Far Cry 2
"Steam App 210410" = Max Payne 2 DE
"Steam App 240" = Counter-Strike: Source
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"gamealarm-DEFAULT" = Game Alarm
"sc12-AT_MAIN" = Ski Challenge 12 (AT)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.07.2012 16:16:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce78ca9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00047732 ID des fehlerhaften
Prozesses: 0x14e4 Startzeit der fehlerhaften Anwendung: 0x01cd63f1499dd998 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ad6aaa1e-d1de-11e1-8a92-0030840d728f
Error - 20.07.2012 12:20:15 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc225 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0148201c ID des fehlerhaften
Prozesses: 0xdc0 Startzeit der fehlerhaften Anwendung: 0x01cd63f149a75f19 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c9b19660-d286-11e1-8a92-0030840d728f
Error - 20.07.2012 12:41:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
Zeitstempel: 0x5000b729 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften
Prozesses: 0x3854 Startzeit der fehlerhaften Anwendung: 0x01cd657d011955e5 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: cf38d897-d289-11e1-8a92-0030840d728f
Error - 20.07.2012 12:43:29 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.07.2012 18:30:35 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.07.2012 17:28:49 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mod.exe, Version: 2.0.1.23, Zeitstempel:
0x4229dd46 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001e8b6a ID des fehlerhaften Prozesses:
0x1a5a4 Startzeit der fehlerhaften Anwendung: 0x01cd64fb16a7b876 Pfad der fehlerhaften
Anwendung: D:\Laufwerk 05\Mod.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung:
0f26e64b-d37b-11e1-8a92-0030840d728f
Error - 21.07.2012 18:30:36 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8193
Description =
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8211
Description =
Error - 22.07.2012 01:30:37 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a4a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00045568 ID des fehlerhaften
Prozesses: 0x162c Startzeit der fehlerhaften Anwendung: 0x01cd63f0e628c17b Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 5d9006f5-d3be-11e1-8a92-0030840d728f
[ System Events ]
Error - 17.07.2012 01:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description =
Error - 17.07.2012 11:06:14 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 17.07.2012 20:22:04 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 18.07.2012 05:10:00 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 18.07.2012 05:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description =
Error - 18.07.2012 08:59:55 | Computer Name = Rechner-Guido | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10005
Description =
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%109
Error - 19.07.2012 15:11:50 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 22.07.2012 01:30:44 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
< End of report >
Log from GMER:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 15:42:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD103SI rev.1AG01118
Running: ibtj4qky.exe; Driver: C:\Users\Guido\AppData\Local\Temp\kwdiyaoc.sys
---- System - GMER 1.0.15 ----
SSDT 90468A16 ZwCreateSection
SSDT 90468A20 ZwRequestWaitReplyPort
SSDT 90468A1B ZwSetContextThread
SSDT 90468A25 ZwSetSecurityObject
SSDT 90468A2A ZwSystemDebugControl
SSDT 904689B7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E813C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC1EAC 4 Bytes [16, 8A, 46, 90] {PUSH SS; MOV AL, [ESI-0x70]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EC2208 4 Bytes [20, 8A, 46, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EC224C 4 Bytes [1B, 8A, 46, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EC22C8 4 Bytes [25, 8A, 46, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EC231C 4 Bytes [2A, 8A, 46, 90]
.text ...
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9F83669D]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[124] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[348] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Windows\system32\wininit.exe[416] ntdll.dll!NtClearEvent + F 779854C7 6 Bytes JMP 00110313
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[616] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text ...
.text C:\Windows\Explorer.EXE[3316] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 047C50CA
.text C:\Windows\system32\conhost.exe[3872] ntdll.dll!NtClearEvent + F 779854C7 6 Bytes JMP 000A0313
.text C:\Windows\system32\WUDFHost.exe[3896] ntdll.dll!NtClearEvent + F 779854C7 6 Bytes JMP 008E0313
.text C:\Windows\system32\SearchIndexer.exe[3988] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Windows\System32\svchost.exe[5056] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[7936] ntdll.dll!NtClearEvent + F 779854C7 6 Bytes JMP 06C80313
.text ...
.text C:\Windows\system32\svchost.exe[28308] kernel32.dll!ExitProcess 7617BBE2 5 Bytes JMP 00020389
.text C:\Program Files\Steam\steam.exe[37248] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Windows\system32\taskhost.exe[50408] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe[53440] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text C:\Windows\system32\conhost.exe[66276] ntdll.dll!NtClearEvent + F 779854C7 6 Bytes JMP 001F0313
.text C:\Windows\system32\Dwm.exe[73208] ntdll.dll!NtClearEvent + F 779854C7 1 Byte [00]
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 740
Process hidden process (*** hidden *** ) 7672
Process hidden process (*** hidden *** ) 10064
Process hidden process (*** hidden *** ) 12072
Process hidden process (*** hidden *** ) 13860
Process hidden process (*** hidden *** ) 16080
Process hidden process (*** hidden *** ) 18692
Process hidden process (*** hidden *** ) 20512
Process hidden process (*** hidden *** ) 50400
---- EOF - GMER 1.0.15 ----
If anything is missing, I'll gladly provide it ...
Regards, Freshi