
Pests of all kinds and how to fight them: GUV Trojan ... RKIT etc.

Windows 7: If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.

22.07.2012, 20:20   #1
Freshi
 
GUV Trojan ... RKIT etc.



Hello dear helpers,

unfortunately I am now one of those who got hit too.
Unfortunately I thought my virus scanner could solve the problem, but it couldn't.

Then I came across this board and am hoping for help ... THANKS in advance.

I have already done the following:

Defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:55 on 22/07/2012 (Guido)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
OTL log:
OTL logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
PRC - [2012.07.19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:10:23 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:10:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.09 14:15:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
MOD - [2012.07.12 05:10:15 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.19 09:32:19 | 020,313,384 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.06.19 09:32:17 | 000,895,312 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:32:15 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.06.19 09:32:13 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:32:11 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2011.11.05 19:28:07 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.19 09:06:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 05:10:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.15 09:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.08 09:10:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 09:10:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 DB AA C0 20 61 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10850D83-343F-406A-A45B-D91E3E8634B9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 09:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
 
[2011.10.07 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions
[2012.05.28 22:16:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions\ffxtlbra@softonic.com
[2012.03.18 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GUIDO\APPDATA\ROAMING\14001.001
[2011.12.21 10:04:00 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.12 09:46:14 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 09:06:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 10:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 10:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 10:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 10:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 10:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 10:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EA Core] "D:\Laufwerk 01 - Spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A93ED40-A503-40DE-9B83-20D6EA37AAFB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C971016A-A13B-4E3B-8E35-373D9464C53F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Guido\AppData\Roaming\appconf32.exe) - C:\Users\Guido\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 10:25:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.20 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.002
[2012.07.20 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.20 18:48:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.02 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{C2FB2A83-EF1B-46C0-B383-9D4ED7A95413}
[2012.07.02 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{401FEA2C-C3C0-41DF-958D-9C9B47EE4A7B}
[2012.07.02 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{9022BCDE-90C6-47AD-9C49-5A998876DD98}
[2012.07.02 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{A4DF6914-2424-4C1C-A627-9D1E1C50B99C}
[2012.06.28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{7B0F5608-0956-4D5A-86AE-32169B9B451A}
[2012.06.28 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{2FF35CC5-C97C-43B1-904B-E23E766FEE80}
[2012.06.28 10:00:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.28 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{1D667315-0D10-4F83-8A10-96098EE0F2F2}
[2012.06.28 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{4EA823DB-6CA8-45D5-B717-CE9F0C1C4C0D}
[2012.06.28 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{B18A71C7-E036-4666-8EB6-8C4140AA50FB}
[2012.06.28 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{72C3D745-1C7F-44D8-93D7-C24ACCEC93FA}
[2012.06.27 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Skype
[2012.06.27 13:58:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.27 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\Macromedia
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 13:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 13:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 12:55:30 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 12:29:12 | 000,000,017 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.22 10:26:53 | 000,302,592 | ---- | M] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.22 10:25:13 | 000,050,477 | ---- | M] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.22 10:10:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 17:15:59 | 000,007,173 | ---- | M] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | M] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | M] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | M] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | M] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.20 23:20:06 | 000,268,992 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:57:13 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.07.17 09:53:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.17 09:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 09:49:37 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 19:55:53 | 000,001,887 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 19:07:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:24:56 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 15:45:37 | 000,138,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | M] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 12:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:51 | 000,302,592 | ---- | C] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:08 | 000,050,477 | ---- | C] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | C] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | C] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | C] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | C] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | C] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.21 01:04:01 | 000,000,017 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.20 23:20:06 | 000,268,992 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.13 19:55:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 19:55:53 | 000,001,887 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 15:45:37 | 000,138,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | C] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[2012.05.01 13:08:16 | 000,004,155 | ---- | C] () -- C:\ProgramData\wchswdhf.hou
[2011.12.19 13:51:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.07 22:30:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.07 22:14:39 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.09.25 16:15:40 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.02.16 11:22:01 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.16 11:22:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.16 11:22:00 | 001,462,272 | ---- | C] () -- C:\Windows\System32\mmc.dll
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\Guido\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.07.17 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dexpot
[2012.07.22 13:06:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.01.27 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GHISLER
[2012.05.03 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.07 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\IrfanView
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.02.17 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2012.02.17 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2012.04.07 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Origin
[2012.02.17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Outlook
[2011.12.19 13:51:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2011.10.10 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ProtectDISC
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.02.17 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Uniblue
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 09:54:11 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,019,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
< End of report >
Log from OTL - Extra
HTML-Code:
OTL Extras logfile created on: 22.07.2012 13:11:06 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,56% Memory free
6,50 Gb Paging File | 3,78 Gb Available in Paging File | 58,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 0,29 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 19,05 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87FC15-85F4-4FC7-A205-7FACA629F142}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1422CF8F-FA48-4CD7-B3F4-AA8884450F1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B274725-6B6B-428E-A997-2112CADE9DD5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C80EF7C-9196-4B0C-BA70-74B78DE64A3D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2257825C-D697-4DDA-8E2C-8C8B9FE23A69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{282EF124-8FAC-4A35-8711-DD7FB3016FF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{303FA16C-C8E8-45C4-ADB8-F7F940495D06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{35CEA49E-C965-4DA6-B40A-DC2E64104F4D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{375E99A0-C8A8-4CAC-903F-65AF689FAFE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43D59A3B-732A-432E-A23D-3CEFAD0848E4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50BACEAE-C876-42CB-B561-746D277D80D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{721C96A7-060E-4B4D-858C-C0F0DCC4B496}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F4009CE-A26A-419B-B13B-14DC262A5B42}" = lport=445 | protocol=6 | dir=in | app=system | 
"{91BC4E61-9519-4266-A2F7-92FD84AADF1F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{94D63662-7837-4D63-889D-52F41708C1BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9C4F056A-B635-4FB6-BC2E-B0D5BD0D0325}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A25A2C63-93C6-45DD-8BB6-38CA19A3F0D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4DAEC9B-BED9-42B5-AA14-030EABA7F2D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB14BC27-0339-4315-AFCF-A0F5232B30C4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B33A78AC-333E-455E-8EF1-840C3E886D06}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D34FBB6F-D9FB-4DB8-852B-B60A5675CC2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2BA3C2F-4C81-4D58-BC19-1BD4E75D1B30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E3A06A12-A641-4387-915F-AA72B48A2579}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCA9678C-4520-4840-996D-4B3650729C53}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CED399-6794-4E96-9650-4FDAA508DBA0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{0A583036-8C42-4311-B68B-31010D5C3338}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{103AFD8C-8694-4537-935D-031A76F08DDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{14A41881-DD07-48B4-BC22-5B8CAFD36D4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{15B93DB8-5935-41B6-93A3-A9306144ECA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{18BFA096-8D30-42AE-A77C-5D3CDC687522}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{18D79A62-179F-4A2C-8D3C-87F75E65D9F7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{19E5CB78-4AAD-42B4-AEB7-4A085C08F120}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EF2F8E9-8F76-4760-95B2-719112AE4E6B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{29850D3D-F2C3-4B4C-B4F7-F3EB28B5E8E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{29D7805A-2D16-4DC0-8681-C8A726883D4C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{329FC300-709B-46FE-8DDB-39A7546C6533}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{3836FB6A-8936-4F7F-AA9C-952B961D28B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3B2CC343-C021-4E19-957C-FECC80E8D70F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{3BC2E57B-372C-46EE-ACA3-54F4361177D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D7439FC-C628-4D42-BACA-270FBD5C15EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{4C898DF4-B9BB-4788-911E-A88A1121AAF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{50674CD6-6DA6-4D14-85DC-1F7A3B359D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{542B756F-4E7A-4A47-92B1-3EEF5E76E792}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{54DDFC34-8D1A-4A9F-8B26-EACD8953E2B0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe | 
"{5B94EC02-4E83-41C1-B09D-DF459A9FAC2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{5D3AD77C-68B1-4081-BA17-E2F494F4CF25}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{5FE4F010-D440-4754-97F9-56416F37ED6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{66C6DA7C-4FBD-4423-BE64-56F5ADEC33E1}" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6C80CCEA-2613-4A83-9990-3030DCA4B697}" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6EDF1C49-18C8-4831-86D3-D0EE6A1E9E56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{6FBFBEEE-2DA1-4A24-A290-E911661101B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{777D9387-D6B2-4AB7-B663-B8668B844A2B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{7A369D79-0C80-4505-A349-A7890A220F65}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe | 
"{7A9FBD53-829C-46EA-B5D9-C3FC705580B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{83ACDC5C-4BBA-4DCC-A4A7-F1419F173F52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{89AF6A07-331F-42FC-979C-7B2A9CDC8EC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AB67688-BA20-40CA-A734-7F196FCAB6DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ghost recon\ghostrecon.exe | 
"{8D9A7686-70EF-4C01-A208-219ACB50C05D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{99488DFC-128B-4850-8CA2-582FB21CF87B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{9B75E4AB-B90B-4EF3-B101-1843DCE8C4DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EDCA419-1022-495E-802A-B70DB370F0D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hsk251197\counter-strike source\hl2.exe | 
"{A4A5647C-C2D6-4F18-88D1-1A34CC75577F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7436D02-36B8-4476-9635-5C25168ED5A3}" = protocol=6 | dir=out | app=system | 
"{B04EF0CD-9BA9-4943-9674-D437CD66980B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{B26C2BB2-B7B8-4ECA-8AFF-7734FE9D712B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF870978-7C85-4D2F-B302-15D1A7829AB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C79C6E93-E73D-4442-8436-41DC74A8E21E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6C8E854-6427-450E-BD50-9B1EE9938218}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBD97CA3-11E5-42C6-87AD-381BBBFCEC6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBDFB598-9079-45CC-8686-33EAA0547163}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F03B5F33-83D9-4D6D-88A4-EC169F0D83E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB47F649-B7DC-4C4A-89E2-00C9EE713DC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{4ABCAE1B-3E35-4FC8-A7E1-FF125A8A105E}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe | 
"TCP Query User{59458B5A-02A8-4152-99F3-BAD935E0D361}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{7182A5FC-5B0E-46E3-9DA3-3D37E895095D}D:\laufwerk 05\mod.exe" = protocol=6 | dir=in | app=d:\laufwerk 05\mod.exe | 
"TCP Query User{D1A227E8-8665-4D5F-A7CA-BFDC05C070B1}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=6 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe | 
"TCP Query User{E4A36864-7508-43A4-B721-4B266A0684BF}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{03B78B4B-619B-4FC6-99BB-30BECB219D5A}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{05826A24-97BF-444A-ADD7-99939F1BBAB4}C:\users\guido\downloads\s4fp2pclient_mod\mod.exe" = protocol=17 | dir=in | app=c:\users\guido\downloads\s4fp2pclient_mod\mod.exe | 
"UDP Query User{521855A8-2AB2-4AC6-AA83-083D76B6A99C}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe | 
"UDP Query User{6971F20C-3D2F-4F3F-B1BC-5CEC50C79C09}D:\laufwerk 05\mod.exe" = protocol=17 | dir=in | app=d:\laufwerk 05\mod.exe | 
"UDP Query User{CFF06AEF-DFD1-49B3-9AB9-DBD86E6FBE17}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C86FD824-E01A-4C78-9A56-39FF2E4FBDA5}" = TheBat! Home v5.0.36
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ccpWinGUI" = ccpWinGUI 1.23
"DivX Setup" = DivX-Setup
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"NAC SPORT BASIC" = NAC SPORT BASIC
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"softonic" = Softonic toolbar  on IE and Chrome
"Steam App 13520" = Far Cry
"Steam App 15300" = Tom Clancy's Ghost Recon
"Steam App 19900" = Far Cry 2
"Steam App 210410" = Max Payne 2 DE
"Steam App 240" = Counter-Strike: Source
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"gamealarm-DEFAULT" = Game Alarm
"sc12-AT_MAIN" = Ski Challenge 12 (AT)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2012 16:16:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce78ca9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften
 Prozesses: 0x14e4  Startzeit der fehlerhaften Anwendung: 0x01cd63f1499dd998  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ad6aaa1e-d1de-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:20:15 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc225  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0148201c  ID des fehlerhaften
 Prozesses: 0xdc0  Startzeit der fehlerhaften Anwendung: 0x01cd63f149a75f19  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: c9b19660-d286-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:41:53 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 14.0.1.4577,
 Zeitstempel: 0x5000b729  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften
 Prozesses: 0x3854  Startzeit der fehlerhaften Anwendung: 0x01cd657d011955e5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: cf38d897-d289-11e1-8a92-0030840d728f
 
Error - 20.07.2012 12:43:29 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.07.2012 18:30:35 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 17:28:49 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mod.exe, Version: 2.0.1.23, Zeitstempel:
 0x4229dd46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001e8b6a  ID des fehlerhaften Prozesses:
 0x1a5a4  Startzeit der fehlerhaften Anwendung: 0x01cd64fb16a7b876  Pfad der fehlerhaften
 Anwendung: D:\Laufwerk 05\Mod.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung:
 0f26e64b-d37b-11e1-8a92-0030840d728f
 
Error - 21.07.2012 18:30:36 | Computer Name = Rechner-Guido | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8193
Description = 
 
Error - 21.07.2012 18:30:42 | Computer Name = Rechner-Guido | Source = System Restore | ID = 8211
Description = 
 
Error - 22.07.2012 01:30:37 | Computer Name = Rechner-Guido | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00045568  ID des fehlerhaften
 Prozesses: 0x162c  Startzeit der fehlerhaften Anwendung: 0x01cd63f0e628c17b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5d9006f5-d3be-11e1-8a92-0030840d728f
 
[ System Events ]
Error - 17.07.2012 01:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description = 
 
Error - 17.07.2012 11:06:14 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.07.2012 20:22:04 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 18.07.2012 05:10:00 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.07.2012 05:10:30 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10010
Description = 
 
Error - 18.07.2012 08:59:55 | Computer Name = Rechner-Guido | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
 
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = DCOM | ID = 10005
Description = 
 
Error - 18.07.2012 20:10:01 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 19.07.2012 15:11:50 | Computer Name = Rechner-Guido | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.07.2012 01:30:44 | Computer Name = Rechner-Guido | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 < End of report >
GMER log
HTML code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 15:42:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD103SI rev.1AG01118
Running: ibtj4qky.exe; Driver: C:\Users\Guido\AppData\Local\Temp\kwdiyaoc.sys


---- System - GMER 1.0.15 ----

SSDT            90468A16                                                                                                  ZwCreateSection
SSDT            90468A20                                                                                                  ZwRequestWaitReplyPort
SSDT            90468A1B                                                                                                  ZwSetContextThread
SSDT            90468A25                                                                                                  ZwSetSecurityObject
SSDT            90468A2A                                                                                                  ZwSystemDebugControl
SSDT            904689B7                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                  82E813C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                    82EBAD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                       82EC1EAC 4 Bytes  [16, 8A, 46, 90] {PUSH SS; MOV AL, [ESI-0x70]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                       82EC2208 4 Bytes  [20, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                       82EC224C 4 Bytes  [1B, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                       82EC22C8 4 Bytes  [25, 8A, 46, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                       82EC231C 4 Bytes  [2A, 8A, 46, 90]
.text           ...                                                                                                       
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                  entry point in ".vmp2" section [0x9F83669D]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[124] ntdll.dll!NtClearEvent + F               779854C7 1 Byte  [00]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[348] ntdll.dll!NtClearEvent + F   779854C7 1 Byte  [00]
.text           C:\Windows\system32\wininit.exe[416] ntdll.dll!NtClearEvent + F                                           779854C7 6 Bytes  JMP 00110313 
.text           C:\Windows\system32\lsm.exe[492] ntdll.dll!NtClearEvent + F                                               779854C7 1 Byte  [00]
.text           C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[616] ntdll.dll!NtClearEvent + F  779854C7 1 Byte  [00]
.text           ...                                                                                                       
.text           C:\Windows\Explorer.EXE[3316] kernel32.dll!CreateProcessW                                                 7612204D 5 Bytes  JMP 047C50CA 
.text           C:\Windows\system32\conhost.exe[3872] ntdll.dll!NtClearEvent + F                                          779854C7 6 Bytes  JMP 000A0313 
.text           C:\Windows\system32\WUDFHost.exe[3896] ntdll.dll!NtClearEvent + F                                         779854C7 6 Bytes  JMP 008E0313 
.text           C:\Windows\system32\SearchIndexer.exe[3988] ntdll.dll!NtClearEvent + F                                    779854C7 1 Byte  [00]
.text           C:\Windows\System32\svchost.exe[5056] ntdll.dll!NtClearEvent + F                                          779854C7 1 Byte  [00]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[7936] ntdll.dll!NtClearEvent + F                       779854C7 6 Bytes  JMP 06C80313 
.text           ...                                                                                                       
.text           C:\Windows\system32\svchost.exe[28308] kernel32.dll!ExitProcess                                           7617BBE2 5 Bytes  JMP 00020389 
.text           C:\Program Files\Steam\steam.exe[37248] ntdll.dll!NtClearEvent + F                                        779854C7 1 Byte  [00]
.text           C:\Windows\system32\taskhost.exe[50408] ntdll.dll!NtClearEvent + F                                        779854C7 1 Byte  [00]
.text           C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe[53440] ntdll.dll!NtClearEvent + F                  779854C7 1 Byte  [00]
.text           C:\Windows\system32\conhost.exe[66276] ntdll.dll!NtClearEvent + F                                         779854C7 6 Bytes  JMP 001F0313 
.text           C:\Windows\system32\Dwm.exe[73208] ntdll.dll!NtClearEvent + F                                             779854C7 1 Byte  [00]
.text           ...                                                                                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process         hidden process (*** hidden *** )                                                                          740                                                                                                                                                  
Process         hidden process (*** hidden *** )                                                                          7672                                                                                                                                                 
Process         hidden process (*** hidden *** )                                                                          10064                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          12072                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          13860                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          16080                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          18692                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          20512                                                                                                                                                
Process         hidden process (*** hidden *** )                                                                          50400                                                                                                                                              
---- EOF - GMER 1.0.15 ----


If anything is missing, I'll gladly supply it ...


Regards, Freshi

Old 22.07.2012, 20:51   #2
Chris4You

Hi,

that's a banker; change all passwords immediately from a clean computer!

This is your friend:
C:\Users\Guido\AppData\Roaming\appconf32.exe ()

MAM should be able to handle that; after scanning & cleaning, post a new OTL logfile.

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via this link:
http://filepony.de/download-chameleon/
Then please update the signature files ("Aktualisierungen" tab -> "Suche nach Aktualisierungen")
Full scan and let it clean everything! Post the log.

chris
For me:
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
Last edited by Chris4You (22.07.2012 at 21:00)

Old 22.07.2012, 21:20   #3
Freshi

WOW ... that was quick ... many THANKS

mbam log
HTML code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: RECHNER-GUIDO [Administrator]

Schutz: Aktiviert

22.07.2012 22:05:23
mbam-log-2012-07-22 (22-05-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 181544
Laufzeit: 8 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent) -> Bösartig: (C:\Users\Guido\AppData\Roaming\appconf32.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\Windows\system32\userinit.exe,C:\Users\Guido\AppData\Roaming\appconf32.exe,) Gut: (userinit.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Guido\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\Downloads\SoftonicDownloader_fuer_htc-sync.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Guido\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
deleted the seven files



my virus scanner reported the following at the same time
unwanted program ... TR/Drop.Injector.fkhx


again, many THANKS

Old 22.07.2012, 21:22   #4
Chris4You

Hi,

and now we repeat the whole thing again with a FULL SCAN...
Post that log as well and a new OTL log...

chris

Old 22.07.2012, 21:29   #5
Freshi

sorry for asking

Full scan with mbam and then OTL?


Regards


Old 22.07.2012, 21:42   #6
Chris4You

________Si!________

Old 22.07.2012, 22:41   #7
Freshi

that's done too

mbam log (full scan)
HTML code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: RECHNER-GUIDO [Administrator]

Schutz: Aktiviert

22.07.2012 22:29:39
mbam-log-2012-07-22 (22-29-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 317055
Laufzeit: 59 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL log
OTL Logfile:
Code:
OTL logfile created on: 22.07.2012 23:31:40 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Guido\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 41,47% Memory free
6,50 Gb Paging File | 3,96 Gb Available in Paging File | 60,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 3,55 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 13,94 Gb Free Space | 2,99% Space Free | Partition Type: NTFS
Drive M: | 465,65 Gb Total Space | 5,23 Gb Free Space | 1,12% Space Free | Partition Type: FAT32
 
Computer Name: RECHNER-GUIDO | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
PRC - [2012.07.19 15:21:18 | 001,091,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 09:10:23 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 09:10:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.04.09 14:15:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.09.26 01:58:00 | 000,842,048 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.09 15:18:12 | 001,298,432 | ---- | M] (Dexpot GbR) -- C:\Programme\Dexpot\dexpot.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.16 12:22:26 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\driverscanner.exe
PRC - [2011.05.16 12:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.03 15:51:50 | 000,163,328 | ---- | M] (Dexpot GbR) -- C:\Programme\Dexpot\plugins\SevenDex.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.19 09:32:19 | 020,313,384 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.06.19 09:32:17 | 000,895,312 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:32:15 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.06.19 09:32:13 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:32:11 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2012.05.11 03:33:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 03:33:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 03:32:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 03:32:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 03:32:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.16 12:22:26 | 000,407,400 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\locale\de\de.dll
MOD - [2011.05.16 12:22:26 | 000,071,016 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\InstallerExtensions.dll
MOD - [2011.05.16 12:22:26 | 000,018,792 | ---- | M] () -- C:\Programme\Uniblue\DriverScanner\cwebpage.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 15:10:36 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.19 09:06:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 05:10:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 09:10:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 09:10:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.25 16:15:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.15 09:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 09:10:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 09:10:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 DB AA C0 20 61 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10850D83-343F-406A-A45B-D91E3E8634B9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 09:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.03 22:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Guido\AppData\Roaming\14001.002 [2012.07.20 23:20:17 | 000,000,000 | ---D | M]
 
[2011.10.07 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions
[2012.05.28 22:16:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\13adpyx7.default\extensions\ffxtlbra@softonic.com
[2012.03.18 23:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.20 18:48:16 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\GUIDO\APPDATA\ROAMING\14001.002
[2011.12.21 10:04:00 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.12 09:46:14 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\GUIDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13ADPYX7.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 09:06:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 10:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 10:26:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 10:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 10:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 10:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 10:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EA Core] "D:\Laufwerk 01 - Spiele\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A93ED40-A503-40DE-9B83-20D6EA37AAFB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C971016A-A13B-4E3B-8E35-373D9464C53F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 22:02:53 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Malwarebytes
[2012.07.22 22:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 22:02:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.22 22:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.22 22:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 21:59:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Guido\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.22 10:25:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.20 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.002
[2012.07.20 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.20 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.20 18:48:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.02 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{C2FB2A83-EF1B-46C0-B383-9D4ED7A95413}
[2012.07.02 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{401FEA2C-C3C0-41DF-958D-9C9B47EE4A7B}
[2012.07.02 18:37:51 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{9022BCDE-90C6-47AD-9C49-5A998876DD98}
[2012.07.02 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{A4DF6914-2424-4C1C-A627-9D1E1C50B99C}
[2012.06.28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{7B0F5608-0956-4D5A-86AE-32169B9B451A}
[2012.06.28 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{2FF35CC5-C97C-43B1-904B-E23E766FEE80}
[2012.06.28 10:00:58 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.28 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{1D667315-0D10-4F83-8A10-96098EE0F2F2}
[2012.06.28 09:56:29 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{4EA823DB-6CA8-45D5-B717-CE9F0C1C4C0D}
[2012.06.28 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{B18A71C7-E036-4666-8EB6-8C4140AA50FB}
[2012.06.28 09:54:13 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\{72C3D745-1C7F-44D8-93D7-C24ACCEC93FA}
[2012.06.27 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Skype
[2012.06.27 13:58:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.27 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.27 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.06.27 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\Macromedia
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 23:10:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 23:10:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 22:31:04 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:31:04 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 22:23:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 22:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.07.22 22:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 22:23:33 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 22:02:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 22:00:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Guido\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.22 20:21:37 | 000,000,034 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.22 12:55:30 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:53 | 000,302,592 | ---- | M] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2012.07.22 10:25:13 | 000,050,477 | ---- | M] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | M] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | M] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | M] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | M] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | M] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.20 23:20:06 | 000,268,992 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.17 09:53:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.12 19:07:03 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:24:56 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.04 15:45:37 | 000,138,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 13:58:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | M] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[1 C:\Users\Guido\AppData\Roaming\*.tmp files -> C:\Users\Guido\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 22:02:41 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 12:55:30 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2012.07.22 10:26:51 | 000,302,592 | ---- | C] () -- C:\Users\Guido\Desktop\ibtj4qky.exe
[2012.07.22 10:25:08 | 000,050,477 | ---- | C] () -- C:\Users\Guido\Desktop\Defogger.exe
[2012.07.21 17:15:59 | 000,007,173 | ---- | C] () -- C:\Users\Guido\Desktop\Tennis.jpg
[2012.07.21 17:11:39 | 000,006,599 | ---- | C] () -- C:\Users\Guido\Desktop\Handball.jpg
[2012.07.21 17:07:04 | 000,006,415 | ---- | C] () -- C:\Users\Guido\Desktop\Hockey.jpg
[2012.07.21 16:59:58 | 000,006,448 | ---- | C] () -- C:\Users\Guido\Desktop\Fußball.jpg
[2012.07.21 16:51:20 | 000,007,570 | ---- | C] () -- C:\Users\Guido\Desktop\Basketball.jpg
[2012.07.21 01:04:01 | 000,000,034 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\blckdom.res
[2012.07.20 23:20:06 | 000,268,992 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.20 23:20:06 | 000,006,400 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.13 19:55:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.04 15:45:37 | 000,138,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.06.27 13:58:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.26 23:34:06 | 000,093,855 | ---- | C] () -- C:\Users\Guido\Desktop\Elternhockey.jpg
[2012.05.01 13:08:16 | 000,004,155 | ---- | C] () -- C:\ProgramData\wchswdhf.hou
[2011.12.19 13:51:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.07 22:30:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.07 22:14:39 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.09.25 16:15:40 | 000,307,008 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.02.16 11:22:01 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.16 11:22:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.16 11:22:00 | 001,462,272 | ---- | C] () -- C:\Windows\System32\mmc.dll
 
========== LOP Check ==========
 
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.07.17 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dexpot
[2012.07.22 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.01.27 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GHISLER
[2012.05.03 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.07 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\IrfanView
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.02.17 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2012.02.17 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2012.04.07 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Origin
[2012.02.17 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Outlook
[2011.12.19 13:51:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2011.10.10 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ProtectDISC
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.02.17 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Uniblue
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.22 22:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2009.07.14 06:53:46 | 000,019,780 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 < End of report >
         



Many THANKS

23.07.2012, 08:12   #8
Chris4You



Hi,

so far so good:
Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the contents of the following code box completely into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell - "" = AutoRun
O33 - MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2012.07.19 09:36:38 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.18 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.18 12:36:20 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.17 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.17 16:50:50 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.17 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\kock

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

23.07.2012, 10:48   #9
Freshi



wow ... from my uninformed point of view that looks pretty good

Log from the OTL fix
HTML code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5155a08c-75bd-11e1-92ae-0030840d728f}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40684f4-58c5-11e1-8aac-0030840d728f}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Guido\AppData\Roaming\14001.001\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\14001.001 folder moved successfully.
C:\Users\Guido\AppData\Roaming\UAs folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\Guido\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Guido\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guido
->Temp folder emptied: 63831824 bytes
->Temporary Internet Files folder emptied: 110736626 bytes
->Java cache emptied: 314911 bytes
->FireFox cache emptied: 300025586 bytes
->Google Chrome cache emptied: 30986535 bytes
->Flash cache emptied: 161713 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127183667 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 604,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07232012_101449

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Is a log missing?
If so, where do I find it?


MANY THANKS
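The fix in post #8 was assembled by reading the "LOP Check" section of the OTL log (the numerically named folders under AppData\Roaming plus UAs, xmldm and kock), and the fix log in post #9 records which of those folder moves succeeded. The following Python script is an added example, not part of this thread and not OTL's own code, that automates both reads: it parses OTL listing lines, classifies each AppData\Roaming folder, and reconciles the fix log against the folders that looked machine-generated. The generated-name pattern (five digits, dot, three digits) and the vendor allow-list are my assumptions derived from this one log; the sample lines are constructed as a subset of the LOP Check and fix-log lines posted above.

```python
"""OTL log triage helpers (added example; not part of OTL or of this thread).

Two checks a helper does by eye: (1) which AppData\\Roaming folders in an OTL
"LOP Check" listing carry machine-generated names, (2) whether the OTL fix log
reports every such folder as moved.
"""
import re
from typing import Dict, List, Set

# One OTL listing line: [date time | size | attrs | C/M] (company)? -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Assumed pattern for the generated folder names seen in this log (13001.026, 14001.002, ...).
GENERATED_NAME = re.compile(r"^\d{5}\.\d{3}$")
# Assumed allow-list: vendor folders from this log a helper would recognise on sight.
KNOWN_ROAMING = {"canon", "dexpot", "dropbox", "ghisler", "htc", "irfanview",
                 "myphoneexplorer", "opencandy", "origin", "outlook", "pdfforge",
                 "protectdisc", "the bat!", "uniblue"}
ROAMING = "\\AppData\\Roaming\\"
# One OTL fix-log result line for a folder action.
FIX_RESULT = re.compile(r"^(?P<target>.+?) folder (?P<status>moved successfully|not found)\.$")


def parse_otl_listing(text: str) -> List[Dict[str, str]]:
    """Parse OTL listing lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_roaming_dirs(entries: List[Dict[str, str]]) -> Dict[str, str]:
    """Map each folder directly under ...\\AppData\\Roaming to a verdict."""
    verdicts: Dict[str, str] = {}
    for e in entries:
        if "D" not in e["attr"] or ROAMING not in e["path"]:
            continue  # files and folders elsewhere are out of scope here
        name = e["path"].split(ROAMING, 1)[1]
        if GENERATED_NAME.match(name):
            verdicts[name] = "generated-name"
        elif name.split(".")[0].lower() in KNOWN_ROAMING:
            verdicts[name] = "known"      # e.g. HTC.<hash>.1 -> HTC
        else:
            verdicts[name] = "review"     # short unknown names such as kock, xmldm, UAs
    return verdicts


def folders_moved(fix_log: str) -> Set[str]:
    """Full paths the OTL fix log reports as 'folder moved successfully'."""
    moved = set()
    for line in fix_log.splitlines():
        m = FIX_RESULT.match(line.strip())
        if m and m.group("status") == "moved successfully":
            moved.add(m.group("target"))
    return moved


def unhandled_generated_dirs(lop_text: str, fix_log: str) -> Set[str]:
    """Generated-name Roaming folders that the fix log never reports as moved."""
    verdicts = triage_roaming_dirs(parse_otl_listing(lop_text))
    moved_names = {p.rsplit("\\", 1)[-1] for p in folders_moved(fix_log)}
    return {n for n, v in verdicts.items() if v == "generated-name" and n not in moved_names}


# Constructed sample: a subset of the LOP Check lines from this thread, copied in shape.
SAMPLE_LOP = r"""
[2012.07.17 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.026
[2012.07.18 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\13001.027
[2012.07.19 09:36:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.001
[2012.07.20 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\14001.002
[2011.10.14 16:23:20 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2011.10.27 17:38:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.07.17 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\kock
[2012.07.03 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\The Bat!
[2012.07.20 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UAs
[2012.07.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\xmldm
[2012.07.22 22:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
"""

# Constructed sample: folder result lines from the fix log in this thread.
SAMPLE_FIX = r"""
C:\Users\Guido\AppData\Roaming\14001.001\components folder moved successfully.
C:\Users\Guido\AppData\Roaming\14001.001 folder moved successfully.
C:\Users\Guido\AppData\Roaming\UAs folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\Guido\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\Guido\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Guido\AppData\Roaming\kock folder moved successfully.
File F:\LaunchU3.exe -a not found.
"""

if __name__ == "__main__":
    for name, verdict in sorted(triage_roaming_dirs(parse_otl_listing(SAMPLE_LOP)).items()):
        print(f"{verdict:15} {name}")
    print("generated-name folders not moved by the fix:",
          unhandled_generated_dirs(SAMPLE_LOP, SAMPLE_FIX))
```

Run over these samples, the reconciliation step reports 14001.002 as a generated-name folder that the fix never moved: it appears in the LOP Check above but not in the fix script, and its timestamp (2012.07.20 23:20:17) sits within seconds of the AcroIEHelpe172.dll entries in the file list. That is the kind of leftover a helper would want to confirm before closing the thread, which is why the check is worth scripting rather than doing by eye.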

23.07.2012, 11:13   #10
Chris4You



Hi,

How is the machine behaving? Everything OK again?

chris

23.07.2012, 14:05   #11
Freshi



Makes a good impression ...
The GUV screen no longer appears ... and the virus scanner doesn't show anything either

I have to thank you very much once again

Super help ...

Regards, Guido

23.07.2012, 14:53   #12
Chris4You



Hi,

Delete the directory C:\_OTL and OTL; you can keep MBAM, update it now and then and run a full scan...

chris

23.07.2012, 19:58   #13
Freshi



Did that successfully as well :=)
