Link in email geöffnet! Virus oder Trojaner eingefangen?

niemsen · 21.06.2012, 14:58

Hallo,

ich habe blöderweise in einer email, die nur scheinbar von einer Bekannten geschickt wurde auf den enthaltenen Link geklickt. Auf der Suche nach einem möglichen Virus oder Trojaner etc. habe ich danach den Avira Scan gestartet und den CCleaner durchlaufen lassen.

Dann habe ich zum Glück diese Seite entdeckt und versucht mich genau an den Ablauf zu halten.

Zuerst habe ich den Scan mit der Malwarebytes Anti-Malware durchgeführt. Der defogger hat keine Fehlermeldung ausgegeben. Der Avira Scan hat sich zwischenzeitlich aufgehängt und den Report konnte ich nur mit einem Neustart des Computers schließen (ich weiß nicht, ob das relavant ist?). Und dann noch ein Scan mit OTL und Gmer.

Ich hoffe, dass ich unten alles richtig aufgelistet habe.
Vielen Dank schonmal für die prima Anleitung und für die Mühe sich die Daten anzugucken!

Gruß
Timo

[B][B] Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
T-Moe :: T-MOE-PC [Administrator]

Schutz: Aktiviert

21.06.2012 10:13:11
mbam-log-2012-06-21 (10-13-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185630
Laufzeit: 13 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\T-Moe\Downloads\SoftonicDownloader_fuer_hdd-regenerator.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

OTL logfile created on: 21.06.2012 13:14:09 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\T-Moe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 66,15% Memory free
3,74 Gb Paging File | 2,95 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 30,74 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 66,09 Gb Free Space | 94,42% Space Free | Partition Type: NTFS

Computer Name: T-MOE-PC | User Name: T-Moe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.21 12:39:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\T-Moe\Downloads\OTL.exe
PRC - [2012.05.08 21:14:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:14:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:14:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:14:24 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010.05.07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 00:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.10.05 18:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2010.11.12 10:23:44 | 000,330,584 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010.05.07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.05.07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2007.01.19 00:54:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.18 19:35:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:14:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:14:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.05 18:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 21:14:25 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:14:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010.11.10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.06.23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.01.19 01:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.28 21:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{69E99061-EEE3-4C45-B930-DA3B35A04493}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 00 DF BE BF B4 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{69E99061-EEE3-4C45-B930-DA3B35A04493}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 21:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.16 20:32:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:35:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 21:45:40 | 000,000,000 | ---D | M]

[2011.06.13 20:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Extensions
[2011.06.13 20:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 22:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions
[2010.05.24 22:07:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.21 22:03:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.16 15:45:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\firefox@tvunetworks.com
[2011.06.14 19:45:42 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\T-Moe\AppData\Roaming\mozilla\Firefox\Profiles\akwe5l4t.default\extensions\mail@gutscheinrausch.de
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\T-Moe\AppData\Roaming\Mozilla\Firefox\Profiles\akwe5l4t.default\searchplugins\startsear.xml
[2012.04.29 09:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.16 21:20:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.06 19:50:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\T-MOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AKWE5L4T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.18 19:35:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2009.12.17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.18 19:35:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 19:35:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 19:35:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 19:35:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 19:35:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 19:35:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\T-Moe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\T-Moe\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\T-Moe\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B60F6C5-DDED-4F26-81A8-8721D4A7C608}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{949A217C-6E3A-4E40-9320-0D5218540EB1}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 10:10:33 | 000,000,000 | ---D | C] -- C:\Users\T-Moe\AppData\Roaming\Malwarebytes
[2012.06.21 10:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 10:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.21 10:10:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.21 10:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.16 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.16 21:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.12 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\T-Moe\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012.06.21 13:14:24 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 13:14:24 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 13:14:24 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.21 13:14:24 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 13:09:51 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:09:51 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:09:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 13:09:23 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 12:37:44 | 000,000,000 | ---- | M] () -- C:\Users\T-Moe\defogger_reenable
[2012.06.14 18:43:39 | 000,008,838 | ---- | M] () -- C:\Users\T-Moe\Downloads\Documents\Eastpak.jpg
[2012.06.14 18:43:39 | 000,002,099 | ---- | M] () -- C:\Users\T-Moe\.recently-used.xbel
[2012.06.08 21:58:48 | 000,063,489 | ---- | M] () -- C:\Users\T-Moe\Ueberweisung_EASTPAK.jpg

========== Files Created - No Company Name ==========

[2012.06.21 12:37:44 | 000,000,000 | ---- | C] () -- C:\Users\T-Moe\defogger_reenable
[2012.06.14 18:43:39 | 000,008,838 | ---- | C] () -- C:\Users\T-Moe\Downloads\Documents\Eastpak.jpg
[2012.06.14 18:43:39 | 000,002,099 | ---- | C] () -- C:\Users\T-Moe\.recently-used.xbel
[2012.06.08 21:58:48 | 000,063,489 | ---- | C] () -- C:\Users\T-Moe\Ueberweisung_EASTPAK.jpg
[2011.06.14 21:06:52 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.03.03 21:15:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2011.12.26 15:43:54 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Amazon
[2011.12.05 22:34:40 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Canneverbe Limited
[2011.08.08 18:24:18 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Canon
[2011.06.14 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Carambis
[2012.04.12 09:48:15 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\DVDVideoSoft
[2011.07.21 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.14 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\gtk-2.0
[2011.08.18 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\HTC
[2011.06.30 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.02.02 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Leadertech
[2012.05.10 21:45:10 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\MyPhoneExplorer
[2011.06.14 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\OpenCandy
[2011.03.05 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\OpenOffice.org
[2010.02.23 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\PPLive
[2011.12.04 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\SaalDesignSoftware
[2011.06.13 20:42:02 | 000,000,000 | ---D | M] -- C:\Users\T-Moe\AppData\Roaming\Thunderbird
[2012.06.21 13:08:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >

OTL Extras logfile created on: 21.06.2012 13:14:09 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\T-Moe\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 66,15% Memory free
3,74 Gb Paging File | 2,95 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 30,74 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 66,09 Gb Free Space | 94,42% Space Free | Partition Type: NTFS

Computer Name: T-MOE-PC | User Name: T-Moe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1480FC06-7152-483A-8103-567230542AD5}" = rport=137 | protocol=17 | dir=out | app=system |
"{19B93BF8-3EBB-43C1-984E-A189DB0B488D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1D39F558-516F-4010-8C40-AF9EEBFF3242}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2101B968-56CD-4341-96AE-DA064E5E146C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{21E5B1A3-2CA3-492B-BDDC-7F848D6F5A04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3DC7AAE8-C39B-482C-A730-E9D95FAE5709}" = lport=137 | protocol=17 | dir=in | app=system |
"{60F3093E-6932-468F-A86E-B442F2EEC031}" = lport=139 | protocol=6 | dir=in | app=system |
"{7542F794-8651-47C0-9079-58B5464AFF0C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{845B48A1-1ABA-4809-9B51-E94690F2729C}" = rport=138 | protocol=17 | dir=out | app=system |
"{94489BFE-5EF3-4E82-8169-460177122A9D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9719598F-A10E-4027-A3B9-0CD44A7A80C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99231335-ACC2-4A4D-A3E1-4BFD5D634EAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99762776-6C27-4CC2-B9BC-FD2A6F3DA83A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D8287E3-C663-4ABC-A51C-3EC954E327E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFC7C055-AE0E-4DAD-9D19-E87831B3C14E}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5DEFEEB-8BD0-4650-A7BB-B3369FD90B19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8B6DA68-624E-449C-B5C5-1271F69DE052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5D2A2C2-A79C-4E5B-84CF-0355986D5E80}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E68451-203A-4A0E-BC6B-9A6D6D12B3DD}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{08D3F25C-28C9-4BB3-BB8B-A908970D3F14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{11FD20CA-8C2A-4E96-B94D-E8C38F05D3A2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{231D3A8B-85DB-422E-A304-75E6378E0EDB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{23EC23C5-14EF-475C-8858-63112C66934E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{4D56C0FB-EEFC-40F3-B494-E3050A15A61E}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{62369748-6710-485F-A63B-391A3F568010}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6AB48B55-F861-4E93-95E4-1A24CCB64899}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{70FB9DEC-A5D3-45F3-8082-E4C09B54CCDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8812876A-FC04-47A8-8861-B5BB452591CE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{8C5D1F1E-80DB-4408-A380-7D28C51C4E50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7831D3A-6D08-49CA-BD3C-959137CFF400}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E802ACB0-15B9-4832-91B2-410C10798DEF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe |
"{F0CE3396-B292-4E1D-8851-5E46E443FD2C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{F2D2B9CF-7B6D-42C2-9D32-665DE279E9AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe |
"{F995374D-F184-48C8-89D6-C7842BDBF3FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1ABB0F20-CECE-423D-8FB5-9B0D26E45D49}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{24E0F7F0-C267-42C6-8DAA-5CBF003CA282}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{2D92CB11-E147-41BB-9001-28672C1939CB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{42E99144-43C7-4951-857A-00A5BB216946}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{4BEB9048-0FAF-4C5C-819F-FCABB74080D3}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{9FEF64D0-26AB-42D7-B808-348F0C8E1778}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{BCFBAD2F-94EF-4B5A-936A-733CDC76245E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DF4F5794-6D81-4C68-BC6B-1D990E081245}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{2B43CB79-41F2-426A-82C7-85781F6AF6E1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{32958024-EB98-47F4-8E63-5662C2734E67}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{387DFA3C-A0FA-4452-A182-0FE685167D4C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{54358DCC-35DF-44B0-9880-9FC79BE139EA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{59E97F48-CFAA-4380-B293-183883F72816}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{60A20EF0-AD90-46AB-AEE3-B8FFACDABE91}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{D8E0BE9A-7287-47F3-B493-3A8AF052878D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F63E7731-51C1-4A96-8966-486C4A95695D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7F9432D-33F7-BA1D-D379-B5EDB0271BC5}" = Saal Design Software
"{DD8D87E5-C372-462F-B168-94612B1D9451}" = HTC Sync
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.11.718
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"OnlineFotoservice" = OnlineFotoservice
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PartyPoker" = PartyPoker
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PPLive" = PPLive 1.9
"SaalDesignSoftware" = Saal Design Software
"SopCast" = SopCast 3.2.8
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"xp-AntiSpy" = xp-AntiSpy 3.97-2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.04.2012 15:35:53 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:54 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:54 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:55 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:55 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:56 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08.04.2012 15:35:56 | Computer Name = T-Moe-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 18.06.2012 15:35:58 | Computer Name = T-Moe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_257.exe, Version
11.3.300.257, Zeitstempel 0x4fc82063, fehlerhaftes Modul unknown, Version 0.0.0.0,
Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x083079c3, Prozess-ID
0x9f8, Anwendungsstartzeit 01cd4d8853b785a9.

Error - 21.06.2012 04:04:48 | Computer Name = T-Moe-PC | Source = VSS | ID = 12310
Description =

Error - 21.06.2012 04:04:48 | Computer Name = T-Moe-PC | Source = VSS | ID = 12298
Description =

Error - 21.06.2012 05:40:35 | Computer Name = T-Moe-PC | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 20.06.2012 12:25:19 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.06.2012 12:25:19 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 20.06.2012 15:23:56 | Computer Name = T-Moe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse
001B9E427E89 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 20.06.2012 15:25:26 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.06.2012 15:25:26 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21.06.2012 03:40:53 | Computer Name = T-Moe-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.102 für die Netzwerkkarte mit der Netzwerkadresse
001B9E427E89 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 21.06.2012 03:42:18 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.06.2012 03:42:18 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21.06.2012 07:11:07 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.06.2012 07:11:07 | Computer Name = T-Moe-PC | Source = Service Control Manager | ID = 7001
Description =

< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-21 14:54:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: n6onxinc.exe; Driver: C:\Users\T-Moe\AppData\Local\Temp\ugloipog.sys

---- System - GMER 1.0.15 ----

SSDT 894B6BD6 ZwCreateSection
SSDT 894B6BE0 ZwRequestWaitReplyPort
SSDT 894B6BDB ZwSetContextThread
SSDT 894B6BE5 ZwSetSecurityObject
SSDT 894B6BEA ZwSystemDebugControl
SSDT 894B6B77 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 405 81C6EA3C 4 Bytes [D6, 6B, 4B, 89]
.text ntoskrnl.exe!KeInsertQueue + 729 81C6ED60 4 Bytes [E0, 6B, 4B, 89]
.text ntoskrnl.exe!KeInsertQueue + 75D 81C6ED94 4 Bytes [DB, 6B, 4B, 89]
.text ntoskrnl.exe!KeInsertQueue + 7C1 81C6EDF8 4 Bytes [E5, 6B, 4B, 89]
.text ntoskrnl.exe!KeInsertQueue + 809 81C6EE40 4 Bytes JMP D7894B6B
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[964] ntdll.dll!LdrLoadDll 779B9390 5 Bytes JMP 6A5FFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] kernel32.dll!MapViewOfFile 778F68F0 5 Bytes JMP 6A8A079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] kernel32.dll!VirtualAlloc 778FAD55 5 Bytes JMP 6A8A07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[964] GDI32.dll!CreateDIBSection 77867461 5 Bytes JMP 6A8A0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

Link in email geöffnet! Virus oder Trojaner eingefangen?

Log-Analyse und Auswertung: Link in email geöffnet! Virus oder Trojaner eingefangen?

Link in email geöffnet! Virus oder Trojaner eingefangen?

Ähnliche Themen: Link in email geöffnet! Virus oder Trojaner eingefangen?