Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GUV Trojaner ... RKIT usw.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.07.2012, 21:20   #1
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hallo liebe Helfer,

leider gehöre ich nun auch zu denen die es erwischt hat.
Leider habe ich gedacht das mein Virenscanner das Problem lösen könnte, konnte er aber nicht

Dann bin ich aufs das Board hier gestoßen und erhoffe mir Hilfe ... schon mal DANKE im voraus.

Folgendes habe ich schon gemacht:

Log von Defogger
HTML-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:55 on 22/07/2012 (Guido)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Log von OTL
HTML-Code:
OTL logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
PRC - [2012.07.19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:10:23 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:10:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.09 14:15:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
MOD - [2012.07.12 05:10:15 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.19 09:32:19 | 020,313,384 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.06.19 09:32:17 | 000,895,312 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:32:15 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.06.19 09:32:13 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:32:11 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2011.11.05 19:28:07 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.19 09:06:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 05:10:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.15 09:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012.05.08 09:10:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 09:10:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 DB AA C0 20 61 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10850D83-343F-406A-A45B-D91E3E8634B9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 09:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
 
[2011.10.07 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions
[2012.05.28 22:16:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions\ffxtlbra@softonic.com
[2012.03.18 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GUIDO\APPDATA\ROAMING\14001.001
[2011.12.21 10:04:00 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.12 09:46:14 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 09:06:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 10:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 10:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 10:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 10:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 10:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 10:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EA Core] "D:\Laufwerk 01 - Spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A93ED40-A503-40DE-9B83-20D6EA37AAFB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C971016A-A13B-4E3B-8E35-373D9464C53F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Guido\AppData\Roaming\appconf32.exe) - C:\Users\Guido\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.07.22 10:25:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.20 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.002
[2012.07.20 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.20 18:48:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.02 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{C2FB2A83-EF1B-46C0-B383-9D4ED7A95413}
[2012.07.02 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{401FEA2C-C3C0-41DF-958D-9C9B47EE4A7B}
[2012.07.02 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{9022BCDE-90C6-47AD-9C49-5A998876DD98}
[2012.07.02 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{A4DF6914-2424-4C1C-A627-9D1E1C50B99C}
[2012.06.28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{7B0F5608-0956-4D5A-86AE-32169B9B451A}
[2012.06.28 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{2FF35CC5-C97C-43B1-904B-E23E766FEE80}
[2012.06.28 10:00:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.28 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{1D667315-0D10-4F83-8A10-96098EE0F2F2}
[2012.06.28 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{4EA823DB-6CA8-45D5-B717-CE9F0C1C4C0D}
[2012.06.28 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{B18A71C7-E036-4666-8EB6-8C4140AA50FB}
[2012.06.28 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{72C3D745-1C7F-44D8-93D7-C24ACCEC93FA}
[2012.06.27 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Skype
[2012.06.27 13:58:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.27 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\Macromedia
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.07.22 13:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 13:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 12:55:30 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 12:29:12 | 000,000,017 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.22 10:26:53 | 000,302,592 | ---- | M] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.22 10:25:13 | 000,050,477 | ---- | M] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.22 10:10:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 17:15:59 | 000,007,173 | ---- | M] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | M] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | M] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | M] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | M] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.20 23:20:06 | 000,268,992 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.07.17 09:53:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.17 09:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 09:49:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 19:55:53 | 000,001,887 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 19:07:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:24:56 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 15:45:37 | 000,138,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | M] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.07.22 12:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:51 | 000,302,592 | ---- | C] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:08 | 000,050,477 | ---- | C] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | C] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | C] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | C] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | C] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | C] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.21 01:04:01 | 000,000,017 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.20 23:20:06 | 000,268,992 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.13 19:55:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 19:55:53 | 000,001,887 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 15:45:37 | 000,138,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | C] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[2012.05.01 13:08:16 | 000,004,155 | ---- | C] () -- C:\ProgramData\wchswdhf.hou
[2011.12.19 13:51:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.07 22:30:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.07 22:14:39 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.09.25 16:15:40 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.02.16 11:22:01 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.16 11:22:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.16 11:22:00 | 001,462,272 | ---- | C] () -- C:\Windows\System32\mmc.dll
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\Guido\AppData\Roaming\appconf32.exe
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.07.17 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dexpot
[2012.07.22 13:06:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.01.27 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GHISLER
[2012.05.03 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.07 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\IrfanView
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.02.17 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2012.02.17 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2012.04.07 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Origin
[2012.02.17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Outlook
[2011.12.19 13:51:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2011.10.10 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ProtectDISC
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.02.17 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Uniblue
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,019,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
< End of report >
Log von OTL - Extra
HTML-Code:
´OTL Extras logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87FC15-85F4-4FC7-A205-7FACA629F142}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1422CF8F-FA48-4CD7-B3F4-AA8884450F1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B274725-6B6B-428E-A997-2112CADE9DD5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C80EF7C-9196-4B0C-BA70-74B78DE64A3D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2257825C-D697-4DDA-8E2C-8C8B9FE23A69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{282EF124-8FAC-4A35-8711-DD7FB3016FF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{303FA16C-C8E8-45C4-ADB8-F7F940495D06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{35CEA49E-C965-4DA6-B40A-DC2E64104F4D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{375E99A0-C8A8-4CAC-903F-65AF689FAFE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43D59A3B-732A-432E-A23D-3CEFAD0848E4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50BACEAE-C876-42CB-B561-746D277D80D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{721C96A7-060E-4B4D-858C-C0F0DCC4B496}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F4009CE-A26A-419B-B13B-14DC262A5B42}" = lport=445 | protocol=6 | dir=in | app=system | 
"{91BC4E61-9519-4266-A2F7-92FD84AADF1F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{94D63662-7837-4D63-889D-52F41708C1BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9C4F056A-B635-4FB6-BC2E-B0D5BD0D0325}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A25A2C63-93C6-45DD-8BB6-38CA19A3F0D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4DAEC9B-BED9-42B5-AA14-030EABA7F2D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB14BC27-0339-4315-AFCF-A0F5232B30C4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B33A78AC-333E-455E-8EF1-840C3E886D06}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D34FBB6F-D9FB-4DB8-852B-B60A5675CC2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2BA3C2F-4C81-4D58-BC19-1BD4E75D1B30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E3A06A12-A641-4387-915F-AA72B48A2579}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCA9678C-4520-4840-996D-4B3650729C53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CED399-6794-4E96-9650-4FDAA508DBA0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{0A583036-8C42-4311-B68B-31010D5C3338}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{103AFD8C-8694-4537-935D-031A76F08DDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{14A41881-DD07-48B4-BC22-5B8CAFD36D4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{15B93DB8-5935-41B6-93A3-A9306144ECA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{18BFA096-8D30-42AE-A77C-5D3CDC687522}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{18D79A62-179F-4A2C-8D3C-87F75E65D9F7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{19E5CB78-4AAD-42B4-AEB7-4A085C08F120}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EF2F8E9-8F76-4760-95B2-719112AE4E6B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{29850D3D-F2C3-4B4C-B4F7-F3EB28B5E8E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{29D7805A-2D16-4DC0-8681-C8A726883D4C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{329FC300-709B-46FE-8DDB-39A7546C6533}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{3836FB6A-8936-4F7F-AA9C-952B961D28B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3B2CC343-C021-4E19-957C-FECC80E8D70F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{3BC2E57B-372C-46EE-ACA3-54F4361177D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D7439FC-C628-4D42-BACA-270FBD5C15EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{4C898DF4-B9BB-4788-911E-A88A1121AAF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{50674CD6-6DA6-4D14-85DC-1F7A3B359D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{542B756F-4E7A-4A47-92B1-3EEF5E76E792}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{54DDFC34-8D1A-4A9F-8B26-EACD8953E2B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe | 
"{5B94EC02-4E83-41C1-B09D-DF459A9FAC2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{5D3AD77C-68B1-4081-BA17-E2F494F4CF25}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{5FE4F010-D440-4754-97F9-56416F37ED6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{66C6DA7C-4FBD-4423-BE64-56F5ADEC33E1}" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6C80CCEA-2613-4A83-9990-3030DCA4B697}" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6EDF1C49-18C8-4831-86D3-D0EE6A1E9E56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{6FBFBEEE-2DA1-4A24-A290-E911661101B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{777D9387-D6B2-4AB7-B663-B8668B844A2B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{7A369D79-0C80-4505-A349-A7890A220F65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe | 
"{7A9FBD53-829C-46EA-B5D9-C3FC705580B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{83ACDC5C-4BBA-4DCC-A4A7-F1419F173F52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{89AF6A07-331F-42FC-979C-7B2A9CDC8EC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AB67688-BA20-40CA-A734-7F196FCAB6DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe | 
"{8D9A7686-70EF-4C01-A208-219ACB50C05D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{99488DFC-128B-4850-8CA2-582FB21CF87B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{9B75E4AB-B90B-4EF3-B101-1843DCE8C4DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EDCA419-1022-495E-802A-B70DB370F0D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe | 
"{A4A5647C-C2D6-4F18-88D1-1A34CC75577F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7436D02-36B8-4476-9635-5C25168ED5A3}" = protocol=6 | dir=out | app=system | 
"{B04EF0CD-9BA9-4943-9674-D437CD66980B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{B26C2BB2-B7B8-4ECA-8AFF-7734FE9D712B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF870978-7C85-4D2F-B302-15D1A7829AB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C79C6E93-E73D-4442-8436-41DC74A8E21E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6C8E854-6427-450E-BD50-9B1EE9938218}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBD97CA3-11E5-42C6-87AD-381BBBFCEC6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBDFB598-9079-45CC-8686-33EAA0547163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F03B5F33-83D9-4D6D-88A4-EC169F0D83E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB47F649-B7DC-4C4A-89E2-00C9EE713DC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{4ABCAE1B-3E35-4FC8-A7E1-FF125A8A105E}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe | 
"TCP Query User{59458B5A-02A8-4152-99F3-BAD935E0D361}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{7182A5FC-5B0E-46E3-9DA3-3D37E895095D}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe | 
"TCP Query User{D1A227E8-8665-4D5F-A7CA-BFDC05C070B1}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=6 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe | 
"TCP Query User{E4A36864-7508-43A4-B721-4B266A0684BF}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{03B78B4B-619B-4FC6-99BB-30BECB219D5A}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{05826A24-97BF-444A-ADD7-99939F1BBAB4}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=17 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe | 
"UDP Query User{521855A8-2AB2-4AC6-AA83-083D76B6A99C}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe | 
"UDP Query User{6971F20C-3D2F-4F3F-B1BC-5CEC50C79C09}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe | 
"UDP Query User{CFF06AEF-DFD1-49B3-9AB9-DBD86E6FBE17}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C86FD824-E01A-4C78-9A56-39FF2E4FBDA5}" = TheBat! Home v5.0.36
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ccpWinGUI" = ccpWinGUI 1.23
"DivX Setup" = DivX-Setup
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"NAC SPORT BASIC" = NAC SPORT BASIC
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"softonic" = Softonic toolbar  on IE and Chrome
"Steam App 13520" = Far Cry
"Steam App 15300" = Tom Clancy's Ghost Recon
"Steam App 19900" = Far Cry 2
"Steam App 210410" = Max Payne 2 DE
"Steam App 240" = Counter-Strike: Source
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"gamealarm-DEFAULT" = Game Alarm
"sc12-AT_MAIN" = Ski Challenge 12 (AT)
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 19.07.2012 16:16:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce78ca9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften
 Prozesses: 0x14e4  Startzeit der fehlerhaften Anwendung: 0x01cd63f1499dd998  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ad6aaa1e-d1de-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:20:15 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc225  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0148201c  ID des fehlerhaften
 Prozesses: 0xdc0  Startzeit der fehlerhaften Anwendung: 0x01cd63f149a75f19  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: c9b19660-d286-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:41:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften
 Prozesses: 0x3854  Startzeit der fehlerhaften Anwendung: 0x01cd657d011955e5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: cf38d897-d289-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:43:29 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.07.2012 18:30:35 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 17:28:49 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mod.exe, Version: 2.0.1.23, Zeitstempel:
 0x4229dd46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001e8b6a  ID des fehlerhaften Prozesses:
 0x1a5a4  Startzeit der fehlerhaften Anwendung: 0x01cd64fb16a7b876  Pfad der fehlerhaften
 Anwendung: D:\Laufwerk 05\Mod.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 0f26e64b-d37b-11e1-8a92-0030840d728f
 
Error - 21.07.2012 18:30:36 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8193
Description = 
 
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8211
Description = 
 
Error - 22.07.2012 01:30:37 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00045568  ID des fehlerhaften
 Prozesses: 0x162c  Startzeit der fehlerhaften Anwendung: 0x01cd63f0e628c17b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5d9006f5-d3be-11e1-8a92-0030840d728f
 
[ System Events ]
Error - 17.07.2012 01:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description = 
 
Error - 17.07.2012 11:06:14 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.07.2012 20:22:04 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 18.07.2012 05:10:00 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.07.2012 05:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description = 
 
Error - 18.07.2012 08:59:55 | Computer Name = Rechner-Guido | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
 
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10005
Description = 
 
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 19.07.2012 15:11:50 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.07.2012 01:30:44 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 < End of report >
Log von GMER
HTML-Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 15:42:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD103SI rev.1AG01118
Running: ibtj4qky.exe; Driver: C:\Users\Guido\AppData\Local\Temp\kwdiyaoc.sys


---- System - GMER 1.0.15 ----

SSDT            90468A16                                                                                                  ZwCreateSection
SSDT            90468A20                                                                                                  ZwRequestWaitReplyPort
SSDT            90468A1B                                                                                                  ZwSetContextThread
SSDT            90468A25                                                                                                  ZwSetSecurityObject
SSDT            90468A2A                                                                                                  ZwSystemDebugControl
SSDT            904689B7                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                  82E813C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                    82EBAD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                       82EC1EAC 4 Bytes  [16, 8A, 46, 90] {PUSH SS; MOV AL, [ESI-0x70]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                       82EC2208 4 Bytes  [20, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                       82EC224C 4 Bytes  [1B, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                       82EC22C8 4 Bytes  [25, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                       82EC231C 4 Bytes  [2A, 8A, 46, 90]
.text           ...                                                                                                       
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                  entry point in ".vmp2" section [0x9F83669D]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[124] ntdll.dll!NtClearEvent + F               779854C7 1 Byte  [00]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[348] ntdll.dll!NtClearEvent + F   779854C7 1 Byte  [00]
.text           C:\Windows\system32\wininit.exe[416] ntdll.dll!NtClearEvent + F                                           779854C7 6 Bytes  JMP 00110313 
.text           C:\Windows\system32\lsm.exe[492] ntdll.dll!NtClearEvent + F                                               779854C7 1 Byte  [00]
.text           C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[616] ntdll.dll!NtClearEvent + F  779854C7 1 Byte  [00]
.text           ...                                                                                                       
.text           C:\Windows\Explorer.EXE[3316] kernel32.dll!CreateProcessW                                                 7612204D 5 Bytes  JMP 047C50CA 
.text           C:\Windows\system32\conhost.exe[3872] ntdll.dll!NtClearEvent + F                                          779854C7 6 Bytes  JMP 000A0313 
.text           C:\Windows\system32\WUDFHost.exe[3896] ntdll.dll!NtClearEvent + F                                         779854C7 6 Bytes  JMP 008E0313 
.text           C:\Windows\system32\SearchIndexer.exe[3988] ntdll.dll!NtClearEvent + F                                    779854C7 1 Byte  [00]
.text           C:\Windows\System32\svchost.exe[5056] ntdll.dll!NtClearEvent + F                                          779854C7 1 Byte  [00]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[7936] ntdll.dll!NtClearEvent + F                       779854C7 6 Bytes  JMP 06C80313 
.text           ...                                                                                                       
.text           C:\Windows\system32\svchost.exe[28308] kernel32.dll!ExitProcess                                           7617BBE2 5 Bytes  JMP 00020389 
.text           C:\Program Files\Steam\steam.exe[37248] ntdll.dll!NtClearEvent + F                                        779854C7 1 Byte  [00]
.text           C:\Windows\system32\taskhost.exe[50408] ntdll.dll!NtClearEvent + F                                        779854C7 1 Byte  [00]
.text           C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe[53440] ntdll.dll!NtClearEvent + F                  779854C7 1 Byte  [00]
.text           C:\Windows\system32\conhost.exe[66276] ntdll.dll!NtClearEvent + F                                         779854C7 6 Bytes  JMP 001F0313 
.text           C:\Windows\system32\Dwm.exe[73208] ntdll.dll!NtClearEvent + F                                             779854C7 1 Byte  [00]
.text           ...                                                                                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process         hidden process (*** hidden *** )                                                                          740                                                                                                                                                  
Process         hidden process (*** hidden *** )                                                                          7672                                                                                                                                                 
Process         hidden process (*** hidden *** )                                                                          10064                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          12072                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          13860                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          16080                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          18692                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          20512                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          50400                                                                                                                                              
---- EOF - GMER 1.0.15 ----


Wenn etwas fehlt liefere ich gerne nach ...


Gruß Freshi

Alt 22.07.2012, 21:51   #2
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hi,

das ist ein Banker, von einem sauberen Rechner aus sofort alle Passwörter ändern!

Das ist Dein Freund:
C:\Users\Guido\AppData\Roaming\appconf32.exe ()

Das sollte MAM schaffen, nach Suche&Bereinigung ein neues OTL-Logfile posten.

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
Für mich:
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
__________________

__________________

Geändert von Chris4You (22.07.2012 um 22:00 Uhr)

Alt 22.07.2012, 22:20   #3
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



WOW ... das ging aber schnell ... vielen DANK

Log von mbam
HTML-Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: RECHNER-GUIDO [Administrator]

Schutz: Aktiviert

22.07.2012 22:05:23
mbam-log-2012-07-22 (22-05-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 181544
Laufzeit: 8 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent) -> Bösartig: (C:\Users\Guido\AppData\Roaming\appconf32.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\Windows\system32\userinit.exe,C:\Users\Guido\AppData\Roaming\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Guido\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\Downloads\SoftonicDownloader_fuer_htc-sync.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
die sieben Dateien gelöscht



mein Virenscanner hat zeitgleich folgendes gemeldet
unerwünschtes Programm ... TR/Drop.Injector.fkhx


weiterhin vielen DANK
__________________

Alt 22.07.2012, 22:22   #4
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hi,

und jetzt wiederholen wir das Ganze nochmal mit einem FULLSCAN...
Poste auch dieses Log und ein neues OTL-Log...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 22.07.2012, 22:29   #5
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



sorry für die Nachfrage

Fullscann mit mbam und danach OTL ?


Gruß


Alt 22.07.2012, 22:42   #6
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



________Si!________
__________________
--> GUV Trojaner ... RKIT usw.

Alt 22.07.2012, 23:41   #7
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



auch das ist erledigt

log mbam (Fullscan)
HTML-Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: RECHNER-GUIDO [Administrator]

Schutz: Aktiviert

22.07.2012 22:29:39
mbam-log-2012-07-22 (22-29-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 317055
Laufzeit: 59 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

log von OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.07.2012 23:31:40 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 41,47% Memory free
6,50 Gb Paging File | 3,96 Gb Available in Paging File | 60,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 3,55 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 13,94 Gb Free Space | 2,99% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
PRC - [2012.07.19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:10:23 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:10:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.04.09 14:15:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.26 01:58:00 | 000,842,048 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.09 15:18:12 | 001,298,432 | ---- | M] (Dexpot GbR) -- C:\Programme\Dexpot\dexpot.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.16 12:22:26 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\driverscanner.exe
PRC - [2011.05.16 12:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.03 15:51:50 | 000,163,328 | ---- | M] (Dexpot GbR) -- C:\Programme\Dexpot\plugins\SevenDex.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.19 09:32:19 | 020,313,384 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.06.19 09:32:17 | 000,895,312 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:32:15 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.06.19 09:32:13 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:32:11 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.05.11 03:33:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 03:33:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 03:32:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 03:32:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 03:32:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.16 12:22:26 | 000,407,400 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\locale\de\de.dll
MOD - [2011.05.16 12:22:26 | 000,071,016 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\InstallerExtensions.dll
MOD - [2011.05.16 12:22:26 | 000,018,792 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\cwebpage.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.19 09:06:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 05:10:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.15 09:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 09:10:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 09:10:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 DB AA C0 20 61 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10850D83-343F-406A-A45B-D91E3E8634B9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 09:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
 
[2011.10.07 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions
[2012.05.28 22:16:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions\ffxtlbra@softonic.com
[2012.03.18 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GUIDO\APPDATA\ROAMING\14001.002
[2011.12.21 10:04:00 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.12 09:46:14 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 09:06:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 10:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 10:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 10:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 10:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 10:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 10:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EA Core] "D:\Laufwerk 01 - Spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A93ED40-A503-40DE-9B83-20D6EA37AAFB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C971016A-A13B-4E3B-8E35-373D9464C53F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 22:02:53 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Malwarebytes
[2012.07.22 22:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 22:02:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.22 22:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.22 22:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 21:59:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Guido\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.22 10:25:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.20 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.002
[2012.07.20 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.20 18:48:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.02 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{C2FB2A83-EF1B-46C0-B383-9D4ED7A95413}
[2012.07.02 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{401FEA2C-C3C0-41DF-958D-9C9B47EE4A7B}
[2012.07.02 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{9022BCDE-90C6-47AD-9C49-5A998876DD98}
[2012.07.02 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{A4DF6914-2424-4C1C-A627-9D1E1C50B99C}
[2012.06.28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{7B0F5608-0956-4D5A-86AE-32169B9B451A}
[2012.06.28 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{2FF35CC5-C97C-43B1-904B-E23E766FEE80}
[2012.06.28 10:00:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.28 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{1D667315-0D10-4F83-8A10-96098EE0F2F2}
[2012.06.28 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{4EA823DB-6CA8-45D5-B717-CE9F0C1C4C0D}
[2012.06.28 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{B18A71C7-E036-4666-8EB6-8C4140AA50FB}
[2012.06.28 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{72C3D745-1C7F-44D8-93D7-C24ACCEC93FA}
[2012.06.27 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Skype
[2012.06.27 13:58:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.27 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\Macromedia
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 23:10:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 23:10:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 22:31:04 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:31:04 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:23:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 22:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.07.22 22:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 22:23:33 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 22:02:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 22:00:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Guido\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.22 20:21:37 | 000,000,034 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.22 12:55:30 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:53 | 000,302,592 | ---- | M] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.22 10:25:13 | 000,050,477 | ---- | M] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | M] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | M] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | M] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | M] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | M] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.20 23:20:06 | 000,268,992 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.17 09:53:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.12 19:07:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:24:56 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 15:45:37 | 000,138,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 13:58:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | M] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 22:02:41 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 12:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:51 | 000,302,592 | ---- | C] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:08 | 000,050,477 | ---- | C] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | C] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | C] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | C] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | C] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | C] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.21 01:04:01 | 000,000,034 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.20 23:20:06 | 000,268,992 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.13 19:55:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.04 15:45:37 | 000,138,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | C] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[2012.05.01 13:08:16 | 000,004,155 | ---- | C] () -- C:\ProgramData\wchswdhf.hou
[2011.12.19 13:51:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.07 22:30:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.07 22:14:39 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.09.25 16:15:40 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.02.16 11:22:01 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.16 11:22:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.16 11:22:00 | 001,462,272 | ---- | C] () -- C:\Windows\System32\mmc.dll
 
========== LOP Check ==========
 
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.07.17 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dexpot
[2012.07.22 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.01.27 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GHISLER
[2012.05.03 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.07 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\IrfanView
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.02.17 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2012.02.17 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2012.04.07 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Origin
[2012.02.17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Outlook
[2011.12.19 13:51:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2011.10.10 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ProtectDISC
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.02.17 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Uniblue
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.22 22:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,019,780 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 < End of report >
         
--- --- ---



vielen DANK

Alt 23.07.2012, 09:12   #8
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hi,

soweit so gut:
Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 23.07.2012, 11:48   #9
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



wow ... sieht aus meiner unwissenden Sicht ganz gut aus

log von OTL Fix
HTML-Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Guido\AppData\Roaming\14001.001\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\14001.001 folder moved successfully.
C:\Users\Guido\AppData\Roaming\UAs folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\Guido\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Guido\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guido
->Temp folder emptied: 63831824 bytes
->Temporary Internet Files folder emptied: 110736626 bytes
->Java cache emptied: 314911 bytes
->FireFox cache emptied: 300025586 bytes
->Google Chrome cache emptied: 30986535 bytes
->Flash cache emptied: 161713 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127183667 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 604,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_101449

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
fehlt ein log?
wenn ja wo finde ich den?


VIELEN DANK

Alt 23.07.2012, 12:13   #10
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hi,

wie verhält sich der Rechner? Wieder alles OK?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 23.07.2012, 15:05   #11
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



macht einen guten Eindruck ...
der GUV Bildschirm kommt nicht mehr ... auch der Virenscanner zeigt nicht

Ich muss mich noch mal vielmals bedanken

eine super Hilfe ...

Gruß Guido

Alt 23.07.2012, 15:53   #12
Chris4You
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



Hi,

das Verzeichnis C:\_OTL und OTL löschen, MAM kannst Du behalten und ab- und an updaten und Fullscann laufen lassen...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 23.07.2012, 20:58   #13
Freshi
 
GUV Trojaner ... RKIT usw. - Standard

GUV Trojaner ... RKIT usw.



auch das erfolgreich ausgeführt :=)

Antwort

Themen zu GUV Trojaner ... RKIT usw.
2.0.7, antivir, application/pdf:, avira, bho, bonjour, document, driverscanner, error, firefox, flash player, format, helper, install.exe, langs, locker, logfile, microsoft office word, mozilla, ntdll.dll, object, pdfforge toolbar, problem, realtek, registry, rundll, scan, searchscopes, security, senden, svchost.exe, tracker, trojaner, udp, windows, windows xp



Ähnliche Themen: GUV Trojaner ... RKIT usw.


  1. RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert?
    Log-Analyse und Auswertung - 09.07.2014 (11)
  2. RKIT/Agent.AW
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (1)
  3. Antivir findet folgende Trojaner; TR/Bredolab.30208 und RKIT/Bubnix.S
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (14)
  4. Mehrere Trojaner (tr/drop.Rkit.ey) in Tempordner oder (tr/tool.injector.605242)
    Log-Analyse und Auswertung - 08.01.2010 (39)
  5. Rootkit RKIT/TDss.G.22 Backdoorprogramm BDS/TDSS.adb und Trojaner TR/Proxy.GHY
    Log-Analyse und Auswertung - 21.12.2008 (28)
  6. RKIT.DVD.settec.DLL
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (2)
  7. Trojaner RKIT/Agent.cva lässt sich nicht löschen
    Log-Analyse und Auswertung - 04.09.2008 (3)
  8. RKIT/Agent.WK
    Plagegeister aller Art und deren Bekämpfung - 21.02.2008 (1)
  9. Trojaner TR/RKit.Agent.GO von AntiVir entdeckt...
    Plagegeister aller Art und deren Bekämpfung - 11.07.2007 (5)
  10. Trojaner TR/RKit.Agent.DW.2 gefunden :/
    Log-Analyse und Auswertung - 24.03.2007 (1)
  11. Trojaner TR/RKit.Agent.EG laut AV
    Log-Analyse und Auswertung - 19.03.2007 (9)
  12. Trojaner RKit.Agent.DW.1 gefunden - bitte um Hilfe
    Log-Analyse und Auswertung - 05.03.2007 (6)
  13. TR/Rkit.Bagle.GL
    Plagegeister aller Art und deren Bekämpfung - 08.02.2007 (9)
  14. Trojaner eingefangen: TR/Rkit.Bagle.GL - Hilfeee..
    Plagegeister aller Art und deren Bekämpfung - 06.01.2007 (7)
  15. TR/RKit.Nuclear.0.B
    Plagegeister aller Art und deren Bekämpfung - 23.12.2006 (11)
  16. Trojaner TR/RKit.Agent.BK
    Log-Analyse und Auswertung - 03.03.2006 (5)
  17. TR/RKit.Agent.Q
    Plagegeister aller Art und deren Bekämpfung - 14.07.2005 (9)

Zum Thema GUV Trojaner ... RKIT usw. - Hallo liebe Helfer, leider gehöre ich nun auch zu denen die es erwischt hat. Leider habe ich gedacht das mein Virenscanner das Problem lösen könnte, konnte er aber nicht Dann - GUV Trojaner ... RKIT usw....
Archiv
Du betrachtest: GUV Trojaner ... RKIT usw. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.