| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner 2.07Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.07.2012, 11:12
| #1 |
| |  GVU-Trojaner 2.07 Hallo liebe Moderatoren, mein PC hat sich seit gestern den GVU Trojaner 2.07 eingefangen und mich seitdem auf diese BKA Webseite geschickt. Ich habe per G Data Boot CD einen Virus gefunden und die Datei gelöscht. Er hat nun aufgehört mich auf die Seite zu schicken. Ist er nun wirklich weg oder kann er sich noch auf meinem PC befinden? Anbei habe ich die beiden OTL Logfiles gepostet. Vielen Dank im voraus! Code:
ATTFilter OTL Extras logfile created on: 22.07.2012 11:31:48 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Dreamscape\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 55,33% Memory free
11,98 Gb Paging File | 8,67 Gb Available in Paging File | 72,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 569,04 Gb Free Space | 61,09% Space Free | Partition Type: NTFS
Computer Name: DREAMSCAPE-PC | User Name: Dreamscape | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1312EEFA-6B0A-449E-84C9-78FC534895AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C58B148-7D7E-4DC0-9E8D-88614C449DC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{341CFA78-6250-4F7B-A5B1-2D5025AA9EBA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3D5B5495-27B8-40E0-993F-293D4BCEAC9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B8371D6-9B18-482D-9755-D0E5FD297E3E}" = lport=139 | protocol=6 | dir=in | app=system |
"{55B38584-B155-4F92-8A54-E684DDAB1FAF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58CBB177-CE6C-4B9E-A658-10DCE37EBD59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A6525DF-8704-4F80-8FA8-9796D051F69F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5A719B06-4012-4339-84DF-F218A6F32344}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63B1B750-15F4-44EE-BDCB-15C3BA0D66C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6ADA6F25-2AA2-4F91-8C7B-1C9ABC5003C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{804DA724-15A7-4D04-8E4A-AE5809B81DC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{84B81437-47F2-46B6-8EB3-585225EB3674}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{934A756E-C873-42CB-A513-2FDED84CBAC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97A127DE-F51A-442B-9ACC-CFC572D58447}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDAE0322-847E-4E9C-A189-068FCBA59AEF}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3A5FD0D-8AED-41DD-A05E-BA00FA8FEE0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC092797-5229-4B30-9C0C-C75158AEB543}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CECD42BC-9F2D-45FC-BC42-102F10A35E24}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6211B40-1DA8-4A9C-83C9-04FD6EA91D81}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D836DBDA-E3B2-45DA-9140-4F5D111C3255}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA3345E7-363D-4DD9-8CC0-EA0D081BAD2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{DC73BD0E-918F-47BA-8D6E-FB7FB11F643D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD1ADC4D-2DB2-47BD-8F10-E0BD7E1102BE}" = rport=138 | protocol=17 | dir=out | app=system |
"{E1DFE83F-0071-4F51-B3BC-AE13E7413CCC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FE0043E0-C274-4099-BB97-333E21C12E22}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4E8D1A-B9BD-4A25-A445-F7176A7B09F7}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{0F7B6BDD-E8DF-4636-8693-E784C357B907}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{103D27BC-C4B6-4146-A7BB-E47C206C5E13}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{17F1004A-5902-4CB2-AE7A-54DC804CF124}" = protocol=6 | dir=out | app=c:\program files (x86)\iminent\imbooster\imbooster.exe |
"{183D06DA-3D97-4A5F-BF1C-493EC8F820AC}" = protocol=6 | dir=out | app=c:\program files (x86)\iminent\mmserver\iminent.mmserver.exe |
"{1CE00D0E-3AF7-4EF0-BEEB-E37FBA8DC7FB}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{281B540E-B98F-4C22-B11E-4CBD66F80B35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29E2CD11-4BCF-4590-9B3F-1E39D28A5535}" = protocol=6 | dir=out | app=system |
"{2C55EFB9-6276-4A7D-9339-FD676043C127}" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\imbooster\imbooster.exe |
"{2FCD3602-6FB7-49A6-B4C0-31C55BDD2348}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31CB834B-3EDC-4E2A-B06D-041AF741BEF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33190477-DDD0-4015-A879-22A408C313AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3811190F-EEE2-4D37-BE8F-4FFAF3FF4E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3AE1535C-E4C7-44D8-8628-E0AE7DE85441}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{3B07E02A-DDEA-4F90-9A30-D75078FAC65C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{40667746-5AAB-4C51-A6D6-BF0C4645D96A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{43C9E2F3-D6B7-4586-9D3A-AAA4BAE6531C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4E5DFC9D-643B-43DA-946C-6C474A9AEA58}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{534A03E8-C410-4E64-9730-F40FEC562C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5471B632-E72B-477B-9B73-3D1DC7ADF3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{5736EDAD-5831-4B16-A1DD-D91246563097}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61141AF4-12F3-44C1-9175-ACBA62F57640}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{6671D11A-19F6-4F99-9D60-3982C67DE367}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{705913C2-00C9-48FC-80FE-A2DB06EF8FFC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{706BDFB0-F3F2-4F3C-A01D-C398DDDFE0C5}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{72DD733E-2FBD-4502-B1EF-E8AA68E49EC3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{73E6F223-C57F-4C04-89C2-A5AA798B323C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75A98EC8-8303-4D3C-9C01-5DBC76DB106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{779E857F-5CC6-4ACC-80EB-78EC507E95B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{79EB6CE8-1B94-4FB9-8850-4C17E573D952}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E0014FD-A6FA-42C3-BEAD-05EB794A28CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7F61EE51-BB06-4B31-B01F-98DB08F7668E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{873307AE-38EC-473D-A01D-A47015F56D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{8D9CED3B-EB98-4C85-9D04-9B490CD9C5AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DE2EBF2-76BC-4EDA-9E32-E78DD133216E}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{8F3CC9B6-804F-4936-9A43-5D3C647DE872}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{92298CCC-81DA-4E4B-9015-639BB4E3F56B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{98A528B5-FB5F-4DAE-8DF9-FC9D5F319E30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CFC6C56-0789-455E-A404-C1C54ABF24F4}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{9E161D55-D00F-405E-92D6-7DB1BCDC95C7}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{A27F3827-13E1-491B-B868-D6FD5FBCEEE2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{AA05F2CE-DB21-4577-8AB4-000E5AC7D2EF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{AAE6EED3-DC9C-4223-A3E0-19EE425BF930}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{AC7098DD-1B05-4353-8D4A-7FA7DE739B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{B1BCC549-B1AA-430D-9F55-3922438A1559}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6D87955-D3C4-47A4-805F-3A5F7904F4D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B87D518A-F61E-4694-ACDE-AB74ACFC342A}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\lost planet 2\lp2dx11.exe |
"{BB32A00F-79ED-4E2B-A599-A58F84186EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\lost planet 2\lp2dx9.exe |
"{C310DB6F-A547-4987-B5CB-4EDC602087A0}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\lost planet 2\lp2dx9.exe |
"{C46653D1-9653-4C8F-9371-92AAEBFF9878}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9BC1707-9784-4BD3-8DCA-A5D429FB104E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDA91BCE-A910-45F1-BFF3-A148ED3CAE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{D6954393-E497-453F-A65E-2FE8E6428EBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D8AF73BC-B9F2-46EB-BB62-3056A0ADF5C1}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D9C50ED7-A295-4BCE-94B1-0682A455DAD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DAB2DAAB-CB96-496E-9CFF-AE0C8A73D075}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{DBD14707-D66A-45CE-9502-3A5D8DB4CAC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC3DA145-704C-43DC-B6C3-01C990483D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E79A6E77-EFCC-4F68-B362-17F9C39D2330}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{EDC64C48-3AAF-49F9-8128-8CA54BD5C9C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EED66E84-2BFA-41F6-98AC-EE06A0509554}" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\mmserver\iminent.mmserver.exe |
"{F146280B-6598-45B5-A4A4-22B6DCF44C77}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F380125C-9053-4AFE-918D-AE7A9C75B993}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F576FA45-C4F0-43AE-B1BF-6DFDBB4EFD5F}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\lost planet 2\lp2dx11.exe |
"{F7628FEF-DD56-456F-AD17-26F3F2E66B6F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FB09E8C4-EEBF-4FDB-8FB9-D2CFEDE974E3}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"TCP Query User{2901D38C-297C-4D5E-8B80-4689C68D48B5}C:\program files (x86)\empire interactive\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout\flatout.exe |
"TCP Query User{DB98D648-BC53-455B-AD67-351AAE7FFB09}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"UDP Query User{1AFCC740-F410-4E58-A6BA-7D7D3B995BD4}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"UDP Query User{8EEE00F8-A1EE-4CE6-A7DC-BC84E43F44AD}C:\program files (x86)\empire interactive\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout\flatout.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{807275BF-1746-4B81-89FA-E776094678E7}" = Vegas Movie Studio 9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}" = StarOffice 9
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD4CEACE-8B19-4B1C-AE82-DE0FC5787D4C}" = Iminent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcaniA" = ArcaniA - Gothic 4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Diablo III" = Diablo III
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EAX Unified" = EAX Unified
"IMBoosterARP" = Iminent
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Mafia" = Mafia
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Saturn Fotoservice" = Saturn Fotoservice
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40800" = Super Meat Boy
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TomTom HOME" = TomTom HOME 2.8.4.2596
"Two Worlds II" = Two Worlds II
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2012 02:25:43 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 20.05.2012 02:25:43 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 21.05.2012 08:09:01 | Computer Name = Dreamscape-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2012 08:13:18 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.05.2012 08:13:19 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.05.2012 08:13:19 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 22.05.2012 07:14:56 | Computer Name = Dreamscape-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.05.2012 07:17:55 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 22.05.2012 07:17:55 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 22.05.2012 07:17:55 | Computer Name = Dreamscape-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ Media Center Events ]
Error - 02.06.2011 02:42:46 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 08:42:42 - Fehler beim Herstellen der Internetverbindung. 08:42:42
- Serververbindung konnte nicht hergestellt werden..
Error - 02.06.2011 03:42:52 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 09:42:52 - Fehler beim Herstellen der Internetverbindung. 09:42:52
- Serververbindung konnte nicht hergestellt werden..
Error - 02.06.2011 03:42:58 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 09:42:57 - Fehler beim Herstellen der Internetverbindung. 09:42:57
- Serververbindung konnte nicht hergestellt werden..
Error - 02.06.2011 04:43:05 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 10:43:05 - Fehler beim Herstellen der Internetverbindung. 10:43:05
- Serververbindung konnte nicht hergestellt werden..
Error - 02.06.2011 04:43:11 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 10:43:10 - Fehler beim Herstellen der Internetverbindung. 10:43:10
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 02:35:07 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 08:35:07 - Fehler beim Herstellen der Internetverbindung. 08:35:07
- Serververbindung konnte nicht hergestellt werden..
Error - 04.06.2011 02:35:40 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 08:35:36 - Fehler beim Herstellen der Internetverbindung. 08:35:36
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2012 13:58:41 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 19:58:40 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 21.07.2012 03:16:31 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 09:16:31 - Fehler beim Herstellen der Internetverbindung. 09:16:31
- Serververbindung konnte nicht hergestellt werden..
Error - 21.07.2012 03:17:37 | Computer Name = Dreamscape-PC | Source = MCUpdate | ID = 0
Description = 09:16:36 - Fehler beim Herstellen der Internetverbindung. 09:16:36
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume1" den Befehl "chkdsk" aus.
Error - 22.07.2012 03:45:49 | Computer Name = Dreamscape-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
< End of report >
Code:
ATTFilter OTL logfile created on: 22.07.2012 11:31:48 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Dreamscape\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 55,33% Memory free 11,98 Gb Paging File | 8,67 Gb Available in Paging File | 72,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 569,04 Gb Free Space | 61,09% Space Free | Partition Type: NTFS Computer Name: DREAMSCAPE-PC | User Name: Dreamscape | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dreamscape\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\World of Warcraft\Wow.exe (Blizzard Entertainment) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe (Iminent) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\Sun\StarOffice 9\program\soffice.bin (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Sun\StarOffice 9\program\soffice.exe (Sun Microsystems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Windows.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Workflow.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Services.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.TinyUrl.dll () MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Booster.UI.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Sun\StarOffice 9\program\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (GRD) -- C:\Windows\SysWOW64\drivers\GRD.sys (G Data Software) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://youtube.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 CA B6 5B 18 9F CB 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {B1F37FCD-53AD-4CEE-B45F-7436670529AD} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{10B84D3F-4D9D-41A7-9EE5-8A1FEE5D0CF3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=12B7D877-607B-4E92-B6DB-32178A4B484E&apn_sauid=04B42690-35EA-4793-9740-A0D4CDB438DF& IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{B1F37FCD-53AD-4CEE-B45F-7436670529AD}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE426 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:4.23.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.03 17:30:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.03 17:30:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.21 16:40:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.29 14:15:44 | 000,000,000 | ---D | M] [2012.06.17 12:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dreamscape\AppData\Roaming\mozilla\Extensions [2012.06.17 12:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dreamscape\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.02.07 12:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dreamscape\AppData\Roaming\mozilla\Firefox\Profiles\ymrq22id.default\extensions [2012.03.12 14:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.30 14:28:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.05.08 19:54:43 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.02.29 17:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.04.05 14:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012.03.12 14:59:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.12.29 18:12:05 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com [2011.05.03 17:30:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.05.03 17:30:32 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.03.12 14:59:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.31 21:43:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.31 21:43:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.03.31 21:43:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.31 21:43:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.31 21:43:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: YouTube = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google-Suche = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DivX HiQ = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: Google Mail = C:\Users\Dreamscape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk = C:\Program Files (x86)\Sun\StarOffice 9\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BD1BEC8-8296-4CB1-ACFE-EA2E7E537F31}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A92C4DE-19D6-44DE-8070-0241B386FEBD}: DhcpNameServer = 192.168.0.253 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.22 11:13:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dreamscape\Desktop\OTL.exe [2012.07.22 10:50:57 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{0D9653A3-1A37-49D0-85C8-8AD19C9A14D4} [2012.07.22 10:50:36 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{085CE50E-7B47-4E46-9D9A-4A1BD9857B62} [2012.07.22 09:45:59 | 000,000,000 | R--D | C] -- C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.07.21 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{BA9D7580-56C3-4FCA-8DF4-6686C4CBACFD} [2012.07.21 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{21C15FDB-9276-4284-92B9-6BA526153EF8} [2012.07.21 12:59:19 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\Desktop\4.3.4 [2012.07.21 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{4B655D48-E4CF-46E8-B6F3-F1313B659619} [2012.07.17 08:35:41 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{CB1D9277-BABC-4610-8ED9-FD627B1904E9} [2012.07.17 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{4A474BF1-957D-4433-B63A-26A534813DA5} [2012.07.14 20:08:17 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Roaming\vlc [2012.07.14 20:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.07.14 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.07.13 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{1BDFB8C4-501E-4686-8324-3F75E185747A} [2012.07.13 13:46:34 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{AFCC5047-B084-4DE8-A864-B60E3032D445} [2012.07.13 01:31:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.13 01:31:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.13 01:31:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.13 01:31:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.13 01:31:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.13 01:31:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.13 01:31:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.13 01:31:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.13 01:31:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.13 01:31:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.13 01:31:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.13 01:31:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.13 01:31:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 17:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 17:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.12 17:57:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.12 17:57:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.12 17:57:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.12 17:51:15 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.30 12:04:51 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{A21EDD3D-4F38-4712-98E5-8EEDA85F73D9} [2012.06.30 12:04:29 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{060B648C-AA6A-4E57-B084-1F61EEE52E5F} [2012.06.29 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{9C2B79A4-BEEE-487C-8EA2-0C5173F5706B} [2012.06.29 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{89748AA2-B1C8-44C1-8E01-8DB4654FCD0B} [2012.06.29 06:40:16 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{37E9E4AA-D824-48E0-B654-3737A3A55F17} [2012.06.29 06:40:00 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{0130564B-F4CE-43A5-B145-7C773AC103C2} [2012.06.25 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{87D902A9-B7DC-483D-AEAD-15E2D38FA7C9} [2012.06.25 20:53:06 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{92ED367E-4838-4FB7-831C-4D65ABEA1696} [2012.06.25 12:44:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.25 12:44:57 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.25 12:44:57 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.25 12:44:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.25 12:44:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.25 12:44:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.25 12:44:35 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.25 12:44:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.24 12:44:12 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{4AAA1C11-BBB1-47AB-8673-80EC4FE4D2FF} [2012.06.24 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{2FE4A0FB-895C-4DAB-9022-2660C31D4A61} [2012.06.24 12:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.06.24 12:28:09 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{D73E5209-5E4F-4632-BD39-F8F438D840EC} [2012.06.24 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{9A9368CE-AA85-4B01-81E6-AF11420FCE7B} [2012.06.24 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{0EA2187C-8214-43EE-A2AE-AE7F30F0E2B8} [2012.06.24 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{3424837E-F922-4801-96E7-468275045438} [2012.06.24 12:21:20 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Local\{DD615109-F1A2-49AE-A3E4-CD6D179F4268} [2012.06.23 12:04:26 | 000,000,000 | ---D | C] -- C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.22 11:18:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job [2012.07.22 11:13:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dreamscape\Desktop\OTL.exe [2012.07.22 11:08:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.22 11:06:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.22 09:52:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 09:52:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 09:50:49 | 000,725,335 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.07.22 09:50:49 | 000,041,957 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.07.22 09:45:44 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.22 09:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 09:45:28 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 07:42:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad [2012.07.22 00:02:28 | 004,027,894 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.22 00:02:28 | 001,598,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.22 00:02:28 | 001,178,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.22 00:02:28 | 001,048,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.22 00:02:27 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.20 21:31:04 | 000,001,887 | ---- | M] () -- C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.20 18:18:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job [2012.07.14 20:06:00 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.13 09:01:01 | 003,038,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 23:14:16 | 000,002,427 | ---- | M] () -- C:\Users\Dreamscape\Desktop\Google Chrome.lnk [2012.07.12 18:06:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.12 18:06:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.20 21:31:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad [2012.07.20 21:31:03 | 000,001,887 | ---- | C] () -- C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.14 20:06:00 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.12 17:51:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.23 12:07:28 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job [2012.06.23 12:07:27 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job [2012.06.23 12:04:27 | 000,002,427 | ---- | C] () -- C:\Users\Dreamscape\Desktop\Google Chrome.lnk [2012.03.02 10:58:44 | 000,725,335 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.09.08 09:00:04 | 000,000,000 | ---- | C] () -- C:\Users\Dreamscape\AppData\Local\{64938EBE-1260-4036-9370-FB77488CDA91} [2011.06.19 11:30:04 | 000,270,142 | ---- | C] () -- C:\Program Files (x86)\Minecraft.exe [2011.05.11 14:17:54 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.11 14:17:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.01 03:28:21 | 000,003,584 | ---- | C] () -- C:\Users\Dreamscape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.22 16:09:14 | 000,001,399 | ---- | C] () -- C:\Users\Dreamscape\AppData\Roaming\MPQEditor.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.12.21 03:45:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Dreamscape\AppData\Roaming\MafiaSetup.exe < End of report > |
|
22.07.2012, 23:52
| #2 |
| /// Helfer-Team  | GVU-Trojaner 2.07 Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\Dreamscape\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {B1F37FCD-53AD-4CEE-B45F-7436670529AD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10B84D3F-4D9D-41A7-9EE5-8A1FEE5D0CF3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=12B7D877-607B-4E92-B6DB-32178A4B484E&apn_sauid=04B42690-35EA-4793-9740-A0D4CDB438DF&
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B1F37FCD-53AD-4CEE-B45F-7436670529AD}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:4.23.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk = C:\Program Files (x86)\Sun\StarOffice 9\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe"
[2012.07.22 07:42:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.20 21:31:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.22 11:18:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job
[2012.07.22 11:08:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 09:45:44 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 21:31:04 | 000,001,887 | ---- | M] () -- C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 18:18:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job
[2012.07.12 17:51:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.23 12:07:28 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job
[2012.06.23 12:07:27 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
23.07.2012, 11:35
| #3 |
| | GVU-Trojaner 2.07Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10B84D3F-4D9D-41A7-9EE5-8A1FEE5D0CF3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10B84D3F-4D9D-41A7-9EE5-8A1FEE5D0CF3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1F37FCD-53AD-4CEE-B45F-7436670529AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1F37FCD-53AD-4CEE-B45F-7436670529AD}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: webbooster@iminent.com:4.23.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
File C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Users\Dreamscape\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
File move failed. C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\Sun\StarOffice 9\program\quickstart.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97410cb3-0af2-11e0-a356-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97410cb3-0af2-11e0-a356-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97410cb3-0af2-11e0-a356-806e6f6e6963}\ not found.
File "D:\Diablo III Setup.exe" not found.
File C:\ProgramData\kp_0loor.pad not found.
File C:\ProgramData\kp_0loor.pad not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job not found.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2295525991-741628779-3058811771-1000Core.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Dreamscape\Desktop\cmd.bat deleted successfully.
C:\Users\Dreamscape\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dreamscape
->Temp folder emptied: 849 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6627094 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 174 bytes
Total Files Cleaned = 6,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Dreamscape
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_122829
Files\Folders moved on Reboot...
File\Folder C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk not found!
C:\Users\Dreamscape\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Dreamscape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk not found!
File C:\Users\Dreamscape\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
23.07.2012, 17:52
| #4 |
| /// Helfer-Team | GVU-Trojaner 2.07 Du hast den Fix zweimal laufen lassen !? Gibt es in C:\_OTL\MovedFiles\ noch das Logfile vom ersten durchgang? Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
07.08.2012, 15:45
| #5 |
| /// Helfer-Team | GVU-Trojaner 2.07 Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
Linear-Darstellung
