
Pests of all kinds and how to fight them: GVU Trojan after backup

28.08.2012, 15:46   #1
Dome1993
 
GVU Trojan after backup



Hello Trojaner community.
I got rid of the GVU virus two weeks ago, early on, by using System Restore (though only from the previous day). Or so I thought. Yesterday I got an email from a provider saying that my account had been locked because of suspicious activity and various other things. So I think I still have the virus on the machine after all -.-
I tried to work through all the steps:
Malwarebytes:
Code:
 Malwarebytes Anti-Malware   (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

Schutz: Aktiviert

28.08.2012 11:47:26
mbam-log-2012-08-28 (11-47-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212734
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dominik\AppData\Roaming\AcroIEHelpe180.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I accidentally had the entries removed. Should I do another System Restore?

OTL:
Code:
OTL logfile created on: 28.08.2012 12:29:42 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free
8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS

Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.28 12:11:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.21 19:39:30 | 002,043,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.03.02 16:33:02 | 000,920,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe
PRC - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe
PRC - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2009.03.02 14:09:30 | 000,588,360 | ---- | M] () -- C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.08.14 23:27:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2009.02.25 04:24:52 | 000,852,040 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe -- (G Data Backup Service)
SRV - [2009.02.25 04:18:58 | 000,907,336 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe -- (G Data Tuner Service)
SRV - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.02.25 03:32:46 | 001,905,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe -- (AVKWCtl)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.22 19:03:29 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.01.22 19:03:11 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.01.22 19:02:45 | 000,048,072 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.08.11 13:46:46 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2012.08.28 11:09:44 | 000,104,904 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 39 59 D7 22 D9 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{4C867F62-3B83-42F5-A6F4-94C4C6942B27}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0AC79DA4-49EB-461A-94EE-1F9F69815688&apn_sauid=9D8C6F13-BB66-41FC-B95C-3FAA4C627594
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll ()
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6549C2A9-1353-4B27-A247-98E100D1FD97}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82FF7BF9-407A-4A45-8B5C-6AFFFDECE4C9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.28 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.08.28 11:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 11:36:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 11:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.28 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D61A716A-1393-473F-ABC0-E26EC01161BF}
[2012.08.25 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{017905A8-2EDA-4037-8696-9DBEAC6126D8}
[2012.08.23 08:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AA2B18AF-BC5B-46AE-B9BB-ECC88B07D595}
[2012.08.22 10:18:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A931F075-0C04-4CA1-A97C-EA310067B345}
[2012.08.21 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{60CFB0F3-EE71-49B5-802D-AAE5B2EF6EAA}
[2012.08.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.08.21 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.21 10:57:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.21 10:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.21 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.21 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\pdfforge
[2012.08.21 10:56:42 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012.08.21 10:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.08.21 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F84985FD-E867-4BB4-B428-57C405838797}
[2012.08.20 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7AB08069-073D-4BCE-9C03-49D1721F37C4}
[2012.08.18 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B1D40AF9-9795-45B4-B99F-B0D1BC2C7398}
[2012.08.18 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F8A8BA6C-51A3-4C68-BD45-F5851F574B3D}
[2012.08.17 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DABE8470-8BF0-435F-AED3-DFBF9C879D9A}
[2012.08.17 09:39:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C58989A3-3509-4C31-A17E-352CB67FC828}
[2012.08.17 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2F6804EE-7E15-4FA1-889F-48CCA9FB82B7}
[2012.08.17 00:18:34 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F734149-E2E8-4999-95E2-CD6AC04E325D}
[2012.08.16 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3072A8FD-0999-480B-919C-615374A5DC88}
[2012.08.16 19:04:46 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4898FEE-7153-44EB-B897-3CD9D151045E}
[2012.08.16 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7B59A063-9355-4177-BEFE-F721389CEF5D}
[2012.08.16 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{52D3737E-B4A2-48F8-8E30-4FACABD5F36E}
[2012.08.16 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{777A45BB-37D3-4E9C-9EDE-0AFE2F01C234}
[2012.08.16 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2EC69E1B-A1A5-4DCB-84A7-7C16FB5A2D5C}
[2012.08.16 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1593CBCF-71D8-4922-9F81-9E383AA73A60}
[2012.08.16 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3FE3F998-A98D-4BCF-B9D9-BBC8000E94B2}
[2012.08.15 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F657A96-CB4A-4A8A-80BA-8FFC8A16ECE4}
[2012.08.15 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{329AA700-139D-4631-B9E8-26385A9E7BF7}
[2012.08.14 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{CCE47E2A-71D4-49BB-9286-CBA5E73178DF}
[2012.08.14 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{235B4783-F507-4420-94AB-21C6E8A20E2C}
[2012.08.14 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D500D55E-3FEC-4645-A57C-16F772F0FA5C}
[2012.08.14 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DEAB545B-3E0E-46FF-8C66-319BDB3FD443}
[2012.08.13 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A529FB1E-40DD-47D1-888F-D61B64AC0EB1}
[2012.08.13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1EB64AE1-6A77-4A9F-965B-6B5D0988B11D}
[2012.08.13 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F0FD0CE4-64A1-4756-9150-0435014F2AF4}
[2012.08.13 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09242CD1-8F7B-4997-9B03-98AAA9E50A74}
[2012.08.13 12:42:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6BF558A4-EEFA-469B-AB3C-A3A3243B5A06}
[2012.08.12 22:02:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C6134E32-3977-4D45-A949-5770D15B5568}
[2012.08.12 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{265D22C2-AC87-407B-B54C-445D16142163}
[2012.08.12 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0007927F-1B3B-493C-BA9C-9982351683E2}
[2012.08.11 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{16BC219E-1F4F-4D8A-B905-6D0FD6FF7F1E}
[2012.08.11 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4796B4-BB8A-4F1E-9B75-4566B1E06304}
[2012.08.10 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4D61EF-56FB-474A-ADF0-90F8850EBFF8}
[2012.08.10 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9850D84-C6DF-4A64-88C7-8CB1ED95D644}
[2012.08.10 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2AD0015B-D892-4404-B30F-38432CD275DB}
[2012.08.10 16:34:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A6ED1F27-6276-4714-81E8-4178289221DD}
[2012.08.10 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E5EBAA16-1448-449A-9443-3A4F2C142838}
[2012.08.10 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0B247A6C-5AD1-4D9C-B2F1-95B260617B94}
[2012.08.10 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2029247A-564D-40BC-AE0B-D9A4F9AF0CE3}
[2012.08.10 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B0FA90AC-B680-49AF-B968-C575ED8EE9C1}
[2012.08.10 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9A65D1D6-98DD-4401-9AAF-5CCD1D1B4BB8}
[2012.08.09 23:09:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{10B1C940-9893-4F3D-B4EC-13E6C226FBC0}
[2012.08.09 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{98D3447D-AAE5-4F4F-8FFB-45367DA96458}
[2012.08.09 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{07844FC0-1D70-45B5-A8C0-40F0871EEEF8}
[2012.08.09 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{38A7E366-6DA0-492E-B7B6-72F6F84B4FA2}
[2012.08.09 22:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B57F4E3F-0AB9-4630-9310-30E0916C8546}
[2012.08.09 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{234097D9-2F21-4982-B1BD-0119E4BE6E83}
[2012.08.09 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C77C0E2-0FE9-4A41-B671-7D11E2157363}
[2012.08.09 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9234AFF-7823-4EC1-8085-BD81A84F8B42}
[2012.08.09 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A68F3D6C-5153-4324-9C8A-39AB0D09DAD7}
[2012.08.07 15:58:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{00C87FE3-57C1-42BC-9184-0B30F1009C12}
[2012.08.07 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{29736AA0-1648-4131-9276-3189EE78B609}
[2012.08.07 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.08.07 13:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.08.07 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72C83036-D81F-4BB7-8056-FE9F961B84DC}
[2012.08.07 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72DADEAC-5D0E-4795-804C-8480ED2FCD86}
[2012.08.07 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0031334B-26DF-4556-BA36-2567F4E93647}
[2012.08.07 00:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C82B9163-1957-4A14-9F6A-CD969AE552AC}
[2012.08.07 00:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{035ABF51-B01D-45A2-99C0-2B8467B10FBB}
[2012.08.06 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A63A484B-70BD-4A5B-8E9E-DC75513FFA94}
[2012.08.06 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BA786DBB-8021-42FF-A57C-EC0F5047EE42}
[2012.08.06 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{86965326-1D17-471B-8BAE-15E3044A65C7}
[2012.08.06 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.08.06 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{85690C93-B110-4CFD-A52A-867A05637366}
[2012.08.06 18:48:52 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.08.06 18:48:52 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.08.06 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{EB0D8360-DAD3-4A01-A8A4-FC8499CBA761}
[2012.08.06 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AE0A9576-389B-4E0F-84D2-A44F78C90302}
[2012.08.06 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{56F86133-E31C-40D2-9B0A-0672D5BC198A}
[2012.08.06 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9F732ED4-F573-405D-B7F0-639D72353837}
[2012.08.03 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{ADA8BDFD-0F54-4C7D-8E28-84336DC3B52F}
[2012.08.03 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AC10F047-2D0E-4B53-926F-241132F254CE}
[2012.08.02 11:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DA47A535-DD3F-4C5A-A7BE-123125559428}
[2012.08.02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{33EAC64C-401A-4887-B0CD-A73F9FA87887}
[2012.08.02 11:02:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BB97C8AC-AA90-405B-BD9E-134EF8035520}
[2012.08.01 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{860AC8F7-DA3D-4250-8932-7224FD095D39}
[2012.08.01 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{8B53A927-1814-41F4-908E-0F2A3EF5C86D}
[2012.08.01 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6A08337E-A716-4D59-A95C-769B1F4D4AAD}
[2012.08.01 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{79DE48C0-9805-485D-9678-B5D035747196}
[2012.08.01 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B6663AAC-CC98-4FC7-8F39-4F19ED9152CC}
[2012.08.01 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F7B3B580-A777-4FDC-B9A0-4EC827DB72C8}
[2012.08.01 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F827077D-3F73-41AA-8563-B74E66891EC9}
[2012.08.01 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F65D0177-D47A-4BD0-9282-9DC3EF444870}
[2012.08.01 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{572C8788-618F-4208-B08F-79E1E3A1D458}
[2012.08.01 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9AFFFE7E-A738-450D-9D57-786D79AB0CEC}
[2012.08.01 17:07:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A9D4F693-72CC-4177-8603-0FA079EB2AA3}
[2012.08.01 17:07:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1E6646F1-6D28-4FA6-B736-AED03FC0E613}
[2012.08.01 14:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4E2197BD-3342-46A3-B903-3FE1065A1DAE}
[2012.08.01 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4F0A1B00-723D-4F8C-AFD1-AA9F7082744A}
[2012.08.01 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4917CD4-4A28-4F8A-A9ED-088EBD80710C}
[2012.08.01 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C8C35CAA-C2EC-4AF4-B972-B304387AB271}
[2012.08.01 13:52:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7F4AB77C-6877-43CE-9807-243184BC76BD}
[2012.08.01 13:52:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C15C71EE-50CA-4A57-8EF0-86085E0A3452}
[2012.08.01 12:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.08.01 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{08D68D36-3FD3-4986-B701-7171E1040859}
[2012.08.01 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{953F335F-D602-4C2D-A266-19FC4BF2DF6D}
[2012.08.01 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D96FBB31-0A06-4178-A0CA-E0917A56C63D}
[2012.08.01 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{689BD84C-1E6E-4BA1-B6E2-80486DE4B0F3}
[2012.08.01 01:33:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C90C69D-54E8-4B15-9F0F-0E1F474A3003}
[2012.08.01 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BD723880-BFA9-4F3C-AB34-75E5D546EA37}
[2012.08.01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E25BC7DF-6F41-4690-9402-E11BF8FBE186}
[2012.08.01 01:19:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7332A06F-6BED-4449-B566-125471268C26}
[2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.08.01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.08.01 00:09:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ManyCam
[2012.08.01 00:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.08.01 00:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\ManyCam
[2012.08.01 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\APN
[2012.08.01 00:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.08.01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.07.31 23:48:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\WoW
[2012.07.31 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012.07.31 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09087301-0FC5-4574-AFC1-063A28384D37}
[2012.07.31 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A3504A6B-6B43-48BF-ADE9-F7E992D0FBDC}
[2012.07.31 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3728EC00-2B45-44C6-AADE-14B6449BF3A9}
[2012.07.31 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C7083A91-A51C-4622-A60B-E2F27A31759D}
[2012.07.30 11:25:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{FE078EA5-9B01-48A9-AD8A-174A3835B069}
[2012.07.30 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AF419906-4D9F-46FA-9662-1384C3BCAD64}
[2012.07.29 22:13:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{378C3D81-2C18-4C5A-8E1E-77B5DE9E3249}
[2012.07.29 22:12:42 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F782117-A36A-4F8A-8A9E-C9834E6CA2C7}
[2012.07.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3CACBB2B-E555-4A64-B504-5C16547C603C}
[2012.07.29 15:31:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7262FA37-7B44-4FA2-8140-161316BC2F90}
[1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.28 12:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\defogger_reenable
[2012.08.28 12:06:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 11:56:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 11:56:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 11:56:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 11:56:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 11:56:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.28 11:52:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 11:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 11:52:01 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 11:36:40 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\   Malwarebytes Anti-Malware   .lnk
[2012.08.28 11:09:44 | 000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2012.08.21 11:02:41 | 002,163,445 | ---- | M] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf
[2012.08.21 10:56:52 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.21 10:56:51 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.08.21 10:30:09 | 000,000,216 | ---- | M] () -- C:\Users\Dominik\Desktop\SweetPcFix.url
[2012.08.18 03:20:19 | 000,286,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 18:28:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.07 13:32:38 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.02 00:10:28 | 000,000,017 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res
[2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
[2012.08.01 13:15:29 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.01 00:10:07 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.07.31 23:47:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.31 13:31:26 | 000,000,018 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat
[1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.28 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\defogger_reenable
[2012.08.28 11:36:40 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\   Malwarebytes Anti-Malware   .lnk
[2012.08.21 11:02:34 | 002,163,445 | ---- | C] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf
[2012.08.21 10:56:52 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.21 10:56:51 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.08.21 10:30:09 | 000,000,216 | ---- | C] () -- C:\Users\Dominik\Desktop\SweetPcFix.url
[2012.08.15 11:09:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.01 23:46:36 | 000,006,400 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
[2012.08.01 00:10:07 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.07.31 23:47:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.31 22:50:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.07.31 13:31:26 | 000,000,018 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat
[2012.07.28 21:33:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.07.28 21:33:15 | 000,000,017 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res
[2012.04.30 13:28:52 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.02.29 21:46:42 | 1301,272,174 | ---- | C] () -- C:\Users\Dominik\SilkroadOnline_GlobalOfficial_v1_351_LEGEND_8.exe
[2012.02.02 18:27:26 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.02 18:27:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2012.01.29 21:41:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012.08.22 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ICQ
[2012.07.28 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\kock
[2012.02.04 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LolClient
[2012.08.01 00:10:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ManyCam
[2012.08.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\pdfforge
[2012.08.21 10:57:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.07.28 21:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UAs
[2012.08.01 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\xmldm
[2012.07.21 02:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
         
EXTRAS:
Code:
OTL Extras logfile created on: 28.08.2012 12:29:43 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free
8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS

Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E259EA-BF11-4541-BB08-B4356EDF6D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19B009B6-74F7-429F-B784-2BEFDC393965}" = lport=139 | protocol=6 | dir=in | app=system | 
"{244D7D3C-DBD1-46C6-AB0E-B933A9AB56EB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2D28D130-608D-4091-AC82-990C01CC522D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D3CC969-7661-4EEC-B90D-E0F35F701027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38E0FA51-44F3-4BC3-80E7-D65687862B07}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3FFAA57A-70C7-40FC-94A4-E52A56A3601E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E2373EB-DD85-4953-9EC9-BF119C0DAFC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4F5D5DD3-158C-4043-8B6E-DD9CE201E54E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{594A5207-C271-4E7F-85E7-E055DFA44B27}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 | 
"{5B12B54B-F45D-4DDB-9375-C8F841770295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BFC9C15-BA8B-451B-A2C2-B109F6337662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{621EA96B-5B7D-4D39-AED9-C008272FD025}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{670AFBBF-B189-419B-AD7A-F93977834C7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6BA214DE-6B15-4C1D-9AA2-3132EEC9BDC4}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{72D20341-A39A-43D0-90ED-595CF65EE480}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8087B877-C48F-422B-9C4D-209FC0B9CAD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{808B08D7-1CA8-4D4B-9A5F-7DDEF354C820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{83CED0B6-F22C-428E-9D5B-D0921B2C5B79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84D57231-3C0C-440D-801E-80C8669A8EC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{91698BE0-F0D2-45E3-A30D-18349CB4B56D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{929A3E62-6D1E-4CBF-B528-7ED3A1E55E3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9731BDA6-92C8-4053-93B2-6D52A49E1601}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{A110EAF0-39D2-42CA-B90C-1854B17DC986}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A699B036-7E4F-4957-9CB5-5A8612747446}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A9588D78-67BF-4A12-B181-53FA576224BE}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | 
"{C45F672A-055C-4094-A81E-3E33268F0CD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9488AC5-C7EC-4E3E-8737-795A47466D8E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CF46BD05-A098-4030-AC31-A571691D599C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D7D9076A-C896-4D6D-A7A4-3B8FFD30F3E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DBFD5D9C-469D-4A42-9ACD-957D45E6EFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E105D083-6957-4681-9D65-0CBCE639629D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E25E6975-CCAD-4532-B8EB-3660F8986804}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{EC01D01E-D542-45D4-95C2-AB17B53D3069}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ED4B6021-1990-4238-A999-1BC222FB49A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F316006D-676F-41A3-A6D0-C96E3FB0D7A0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6A9CCBE-7729-48B1-A885-B320E2EF3779}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | 
"{F95ABC00-26AA-4A7E-B3F7-56715E77E20D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FC075A32-60D9-45E0-86D7-FD9D0461C9E5}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | 
"{FDE59EEE-39A1-4E64-A2FA-BA1E8D4E0F5A}" = lport=137 | protocol=17 | dir=in | app=system | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011148A8-B22D-4A2E-8603-FD1301D7F681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02604856-2469-4B63-A1F7-92BDA47347FC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{02A07994-58F8-4FA9-9109-98F39B62734E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{03E68AFF-C030-46BC-A7D4-B5B66147AABF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{06BFA27E-8257-481C-B05A-0FDA0D028921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1D83992D-F104-48D8-AA83-D08AEDA1A78F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{1DF84089-1EFD-48A4-A009-121237C5F42D}" = protocol=6 | dir=out | app=system | 
"{2363BAAB-4BDE-4C91-A394-4EFFB3822762}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{2C946469-2FAB-4003-84FF-80D5286825A2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{377A57C5-5811-4643-A1A0-AD64F0BE5CC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{37E20A6F-B805-43B8-A783-E002741EA18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D3D6384-7CA8-4C6E-BFC6-4F702513EC11}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | 
"{3E22EDEB-5CE3-41F7-9D14-0CD25E5A0C90}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{4559A80E-6CC0-4C7B-BCA9-9C6807ACC00E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4672AAA2-8B13-435D-8E49-59F671C425C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4910260B-9823-4C89-BA1F-6924F89D737E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4EB0BA9C-AE76-4D6D-AE0F-C52A813EF08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5179F720-6BE5-474B-8EED-02CF416EA7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{594796F5-D6AC-4070-B564-9466FF789970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AFDCAA7-A3BF-431C-960A-A60AB56F236B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{5BF3314E-3FFB-4159-8ABB-881BA3B57A35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5E1148BF-9077-489F-BC2A-795E571C4349}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{607E43D0-7423-4882-BAD1-ADDE00623C97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60DC9BB3-974E-4D56-9152-338DD89E05C0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{61E66727-5C76-4B38-AF26-98CB263FC2A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A1F79A0-F3BC-4D6A-AE69-81A2BAE7A91B}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{6BD03DBD-1C97-429C-B517-504B1699DE64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{7199BFE8-1203-44D8-9993-2F43E64905A2}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{7472E6E0-E5BD-4414-9960-CB12D6E35F07}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{822FE985-EA50-4E7A-967F-BDBE9F7AAC30}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{8B6055DE-F1C2-4754-9E22-B39D36AD9ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{8CBB2022-1115-4B04-BF27-EC20760A7AAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{915E0EA5-C731-4B82-A6AD-80A15432425A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{98059B26-519E-4C50-A199-BD74C43BC600}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2BBB699-4A80-496B-BA40-4B96700DFF22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A40C7C0B-3AF9-4A98-B973-7014C2B89FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{AEDE413B-6F4E-4256-B976-7F81270E200E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3946BC7-CEFF-439C-AD47-2F7E64A2066E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{C3C5A101-2BF4-40DD-959A-0CB35827ED0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C98F4849-A180-4536-8B45-B7C93C42DC35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CD59FA48-203B-4B9E-846E-34A33910CAA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{CD8488AC-B3FA-4CC4-B00A-F84A83EAC493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CE39C1FD-0029-4CA0-B973-14409D7B8571}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{CF2A5A8B-124F-4945-B32C-372B9371AF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{D2B70495-DC8A-40AD-A840-A25807A089D5}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{D30C9440-8198-49F1-8944-085EEE70098F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D4F3C1D8-64E1-4B63-9A14-3580B8176E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{D5413057-675A-4BE6-AC66-3D74A2B06589}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E10B6E7A-7740-4AA4-83CD-D247A52C72B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E4247834-2FC0-404D-9C9B-4F20DB7A8774}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{E4D2B6BD-EFFF-4538-B4F8-C464A1649C54}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{E5B8117F-DC29-4886-847F-B641A8B6CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EACA8257-5E8A-4235-AEFE-66B80F371BA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBBFCFCD-45E8-46DA-9FBD-E3C0B9DF06E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EF764ECC-ED4D-43A1-9284-75F7CBA99E92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F3163611-A6BD-45A4-9D42-E15CBBA59A90}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{FAD355B3-60E8-4536-959F-C5754D7B4348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDE5B6B7-AA0C-42C6-AB37-D787957B03CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{0166F507-7DA3-491A-8DB1-E63A1B31F9F3}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{4B52ADA7-0160-44C1-9064-6D597E0E9048}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{90E0BA9E-A15A-41BE-B49B-544392BCE737}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe | 
"TCP Query User{92A20F08-92C7-40B1-85ED-0D53F2445D35}C:\users\dominik\desktop\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\srobot.exe | 
"TCP Query User{A3A9D230-18B4-466A-85DD-BA65C647DB83}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{BB3305F2-1C2B-432C-845D-990D1A934DA4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{CA94B588-D3A7-40C3-9B35-D59972E4853A}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{CF5C20FD-4CF9-48C3-86DD-145C026F5AA5}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe | 
"TCP Query User{E3573D12-92EA-4B41-A839-7B7F3D4E1BA6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E85DF1DE-E3F6-4D00-9116-B90810B3F7B5}C:\users\dominik\downloads\sro\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe | 
"TCP Query User{EAEF591F-B241-47AB-9B8E-0643FE39D36E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{F6AC5CC1-D90C-4FAC-AC99-6B2F91322859}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{F8704388-CA2D-4BB2-A5D3-EB2DA78EF0A8}C:\users\dominik\downloads\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\srobot.exe | 
"UDP Query User{0E95E684-AE93-42BC-8427-8F386286192B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{2F6F4088-2FBE-42E2-AA22-349DA8D2D723}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{3BC1ECA8-3D45-4436-A081-DA8B206D2B96}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{750E2F01-25B5-4135-B762-166C31E91537}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{785BAE2C-ED87-4F5D-949C-31442AA2E96C}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{917603E9-C845-4420-828C-F5D4A7D675FA}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe | 
"UDP Query User{93A51768-02CA-49DF-B037-CEAF0AC1F2BB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B181E1E1-3B40-4FE2-9783-B05748350720}C:\users\dominik\desktop\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\srobot.exe | 
"UDP Query User{CA4D8911-9DBC-4B15-A5C5-960A75BFD537}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{D1285684-05A8-4C86-B2E4-C1058982D02F}C:\users\dominik\downloads\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\srobot.exe | 
"UDP Query User{E176F75C-A3AB-4086-A7BB-145BCD9DE34D}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe | 
"UDP Query User{F0B1AD79-DBFC-44C3-80C7-F75192DC3A45}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F165D046-D577-4B8C-8A81-5A517793269D}C:\users\dominik\downloads\sro\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C8D55041-A13C-4620-8DF4-9C5A9C16908D}" = G Data TotalCare
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Azureus" = Azureus
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 3.0.80 (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Risk II_is1" = Risk II
"Silkroad" = Silkroad
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.08.2012 14:38:05 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Wow.exe, Version: 4.3.4.15595, Zeitstempel:
0x4f84d63a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fa50 ID des fehlerhaften Prozesses:
0x10a0 Startzeit der fehlerhaften Anwendung: 0x01cd7014c89bb1a0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\World of Warcraft\Wow.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 07719980-dc08-11e1-a188-4061864b7971

Error - 01.08.2012 17:47:39 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x74c8e2c4 ID des fehlerhaften
Prozesses: 0x10f0 Startzeit der fehlerhaften Anwendung: 0x01cd702f1ee0a8d0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 8331e308-dc22-11e1-9efe-4061864b7971

Error - 01.08.2012 18:05:48 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x50197269 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x73dbaa34 ID des fehlerhaften Prozesses: 0x1d30 Startzeit der fehlerhaften Anwendung:
0x01cd702f47dd78f8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll Berichtskennung:
0c7d7dc8-dc25-11e1-9efe-4061864b7971

Error - 01.08.2012 18:38:41 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c8e2c4 ID des fehlerhaften
Prozesses: 0x1744 Startzeit der fehlerhaften Anwendung: 0x01cd703271d6ed58 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a470eaf8-dc29-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:21 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x50197269 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x70b4aa34 ID des fehlerhaften Prozesses: 0xc88 Startzeit der fehlerhaften Anwendung:
0x01cd70366ff426c8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll Berichtskennung:
21eb4dd8-dc2b-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:27 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x50197269 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x70b4aa34 ID des fehlerhaften Prozesses: 0x12e8 Startzeit der fehlerhaften Anwendung:
0x01cd7034b10f6598 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll Berichtskennung:
255a35d8-dc2b-11e1-9efe-4061864b7971

Error - 07.08.2012 07:14:38 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2760 Startzeit:
01cd74856d5cfb58 Endzeit: 650 Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe

Berichts-ID:


Error - 09.08.2012 15:11:27 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13f8 Startzeit:
01cd765fff6642f8 Endzeit: 690 Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe

Berichts-ID:


Error - 21.08.2012 04:41:04 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dominik\Downloads\SoftonicDownloader_for_risk-2.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.08.2012 07:37:17 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 166c Startzeit: 01cd805a61535e70 Endzeit: 14 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 

[ System Events ]
Error - 24.06.2012 15:37:41 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?06.?2012 um 21:35:48 unerwartet heruntergefahren.

Error - 24.06.2012 16:04:50 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?06.?2012 um 22:03:18 unerwartet heruntergefahren.

Error - 25.06.2012 15:57:10 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?06.?2012 um 21:55:08 unerwartet heruntergefahren.

Error - 28.06.2012 03:05:18 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?06.?2012 um 23:40:53 unerwartet heruntergefahren.

Error - 28.07.2012 17:20:48 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2012 um 23:18:47 unerwartet heruntergefahren.

Error - 28.07.2012 17:20:51 | Computer Name = DOMINIK-PC | Source = BugCheck | ID = 1001
Description = 

Error - 31.07.2012 19:18:21 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?08.?2012 um 01:15:50 unerwartet heruntergefahren.

Error - 31.07.2012 19:20:09 | Computer Name = Dominik-PC | Source = DCOM | ID = 10010
Description = 

Error - 31.07.2012 19:32:11 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?08.?2012 um 01:30:11 unerwartet heruntergefahren.

Error - 01.08.2012 08:55:46 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?08.?2012 um 14:32:34 unerwartet heruntergefahren.


< End of report >
         
Thaaaank you very much in advance

Alt 28.08.2012, 16:23   #2
markusg
/// Malware-holic
 



Hi,

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
:OTL
[2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance.

Alt 28.08.2012, 20:38   #3
Dome1993
 



Code:
All processes killed
========== OTL ==========
C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll moved successfully.
C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Dominik
->Flash cache emptied: 27321 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dominik
->Temp folder emptied: 255521402 bytes
->Temporary Internet Files folder emptied: 901348640 bytes
->Java cache emptied: 801381 bytes
->Google Chrome cache emptied: 142661539 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 510735187 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36050696 bytes
RecycleBin emptied: 93872629 bytes
 
Total Files Cleaned = 1.851,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08282012_213216

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Upload was successful.
Is the virus gone now? :/

Last edited by Dome1993 (28.08.2012 at 20:44)

Alt 28.08.2012, 20:39   #4
markusg
/// Malware-holic
 



Very good, please continue with the upload.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 28.08.2012, 21:24   #5
Dome1993
 



I did that.
Is the virus gone now? :/


Alt 29.08.2012, 11:22   #6
markusg
/// Malware-holic
 



Hi,
do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things such as work?

Alt 30.08.2012, 10:56   #7
Dome1993
 



Yes, work stuff, payment transactions and online banking... why do you ask? oO

Could someone have spied on that? oO

Alt 30.08.2012, 19:40   #8
markusg
/// Malware-holic
 



Please call your bank and have online banking blocked because of Trojan.Banker.

The PC must be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

Alt 30.08.2012, 22:06   #9
Dome1993
 



Isn't it enough to change the online banking PIN?

Alt 04.09.2012, 20:56   #10
markusg
/// Malware-holic
 



No, otherwise I would have written that.
Unless, of course, you have enough money to share it with strangers.
