Hi Leo,
thank you very much for taking on my problem! I did everything as you described, although I have to say that the GMER scan took 13 hours. That is also why I could only reply now, because GMER was scanning all night. Is that normal, or is it down to my computer?
Attached are the requested logs.
OTL Code:
OTL logfile created on: 03.04.2013 09:36:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 63,04% Memory free
7,18 Gb Paging File | 5,79 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 25,86 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 14,30 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.02 15:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.08 09:42:20 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.08.13 19:29:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.14 20:57:48 | 000,062,856 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2010.06.14 17:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009.08.30 11:31:02 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.21 13:18:29 | 000,540,576 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009.04.20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2009.04.18 01:04:32 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.04.07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
PRC - [2009.04.07 19:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
PRC - [2009.04.02 20:49:12 | 000,211,512 | ---- | M] (ATK) -- C:\Program files\P4G\BatteryLife.exe
PRC - [2009.03.21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.03.04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.12.10 00:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.10.01 08:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.08.18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2008.08.18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.08.14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.07.19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.04.01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2006.05.04 07:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.08 09:42:20 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.10.14 20:57:48 | 000,062,856 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2010.10.14 20:56:52 | 000,278,920 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\ExplorerExt.dll
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009.03.24 13:10:19 | 001,034,784 | ---- | M] () -- C:\Windows\System32\RTCOM\RTCOMDLL.dll
MOD - [2009.02.04 18:44:20 | 000,023,040 | ---- | M] () -- C:\Program files\P4G\OvrClk.dll
MOD - [2008.08.28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.08.21 00:49:56 | 000,016,384 | ---- | M] () -- C:\Program files\P4G\DevMng.dll
MOD - [2008.06.09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
MOD - [2007.03.10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll
MOD - [2006.05.04 07:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe
MOD - [2006.05.04 07:58:38 | 001,239,040 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfdialogs100.bpl
MOD - [2006.05.04 07:58:38 | 000,237,056 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\expertpdf4core.bpl
MOD - [2006.05.04 07:58:36 | 003,014,656 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfcore100.bpl
MOD - [2006.05.04 07:58:36 | 001,026,048 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsvector100.bpl
MOD - [2006.05.04 07:58:36 | 000,230,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfeditor100.bpl
MOD - [2006.04.15 07:34:26 | 000,568,320 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\TMSlite100.bpl
MOD - [2006.03.02 21:39:28 | 001,844,224 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\te100.bpl
MOD - [2006.03.02 21:33:18 | 000,444,928 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VirtualTree100.bpl
MOD - [2006.03.02 21:28:36 | 000,139,776 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\uoolep100.bpl
MOD - [2006.03.02 21:01:50 | 000,071,168 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VSDesktop100.bpl
MOD - [2006.03.02 20:57:48 | 000,383,488 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\visage100.bpl
MOD - [2006.03.02 20:55:22 | 000,089,088 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsmisc100.bpl
MOD - [2005.12.26 14:20:52 | 002,098,176 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\PKIECtrl100.bpl
MOD - [2003.08.22 08:23:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\sqlite.dll
========== Services (SafeList) ==========
SRV - [2013.03.25 16:53:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 09:42:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.04.07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 17:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010.04.27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.08.30 11:41:16 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009.04.01 23:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009.03.17 13:17:05 | 000,140,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.02.18 05:01:34 | 001,093,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.24 10:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008.11.13 03:02:17 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.11.04 19:15:59 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.11.03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.08.25 12:22:51 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.04.07 08:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.18 12:32:14 | 000,154,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.09.28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gggen.sys -- (gggen)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN30576177832836329&UM=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=b940b365-8d10-4c36-abd8-efafc7c002c9&apn_sauid=F99C7E53-0C37-45FA-95B2-8A377E4BBEA9
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN30576177832836329&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "entrusted Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN25335354591968129&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN25335354591968129&UM=2&q="
FF - prefs.js..network.proxy.http: "209.249.158.197"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Manu\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.25 14:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.12 09:36:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.21 12:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.12 09:36:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:42:13 | 000,000,000 | ---D | M]
[2009.09.25 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions
[2013.03.12 09:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qj5id3w1.default\extensions
[2012.08.22 14:25:53 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qj5id3w1.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012.12.11 19:50:57 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.08.13 19:36:40 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
[2013.02.15 00:38:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 14:47:07 | 000,002,404 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\searchplugins\askcom.xml
[2013.03.12 09:31:05 | 000,000,995 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\searchplugins\conduit.xml
[2012.06.15 08:55:39 | 000,000,950 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\searchplugins\icqplugin-1.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\searchplugins\icqplugin.xml
[2012.03.06 18:08:49 | 000,002,112 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qj5id3w1.default\searchplugins\wot-safe-search.xml
[2013.03.20 19:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.10.10 12:30:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.03.08 09:42:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.22 10:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2009.03.24 12:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2013.01.31 20:09:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.31 20:09:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.31 20:09:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.31 20:09:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.31 20:09:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.31 20:09:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN23701606179127309&ctid=CT3281675&UM=2
CHR - default_search_provider: suggest_url = hxxp://suggest.search.conduit.com/Suggest.ashx?q=[{searchTerms}]
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN23701606179127309&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: entrusted = C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.524_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\Manu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DisableS3S4] c:\DisableS3S4.cmd File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [EssentialPIM] C:\Program Files\EssentialPIM\EssentialPIM.exe ()
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{172A5153-6A55-41C8-A5F2-1088EA5E628F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9754C7AD-6F37-4E4C-AEBD-0C218E32262E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5e2947f-1cd5-11e2-8694-90e6ba19f790}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e2947f-1cd5-11e2-8694-90e6ba19f790}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{e40d65e0-973b-11df-abb4-90e6ba19f790}\Shell - "" = AutoRun
O33 - MountPoints2\{e40d65e0-973b-11df-abb4-90e6ba19f790}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.02 15:30:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.01 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\Anhänge_201341
[2013.03.26 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Manu\Bücherdatenbank
[2013.03.25 12:03:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\Anhänge_2013325
[2013.03.20 19:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.03.20 19:33:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.18 20:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.17 15:06:54 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canon
[2013.03.17 15:06:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.03.17 15:02:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.03.17 15:01:45 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013.03.17 15:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX330 series
[2013.03.17 15:01:28 | 000,274,432 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC330L.DLL
[2013.03.17 15:01:28 | 000,192,512 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC330O.DLL
[2013.03.17 15:01:28 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.DLL
[2013.03.17 15:01:27 | 001,331,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC330C.DLL
[2013.03.17 15:01:27 | 000,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC330I.DLL
[2013.03.17 15:00:52 | 000,236,032 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9P.DLL
[2013.03.17 15:00:35 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiTH.DLL
[2013.03.17 15:00:35 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiKR.DLL
[2013.03.17 15:00:35 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiTW.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiUS.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiSE.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiRU.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiPT.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiPL.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiNL.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiIT.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiID.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiGR.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiFR.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiFI.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiES.DLL
[2013.03.17 15:00:34 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiDE.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiTR.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiNO.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiJP.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiHU.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiDK.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiCZ.DLL
[2013.03.17 15:00:34 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiAR.DLL
[2013.03.17 15:00:34 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLiCN.DLL
[2013.03.17 15:00:32 | 000,225,792 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Li.DLL
[2013.03.17 15:00:32 | 000,167,936 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSi.EXE
[2013.03.17 15:00:27 | 000,178,176 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIU9P.DLL
[2013.03.17 15:00:18 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.03.13 00:41:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.13 00:41:24 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.12 23:55:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\Anhänge_2013312
[2013.03.12 09:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013.03.12 09:32:15 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Conduit
[2013.03.12 09:31:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\CRE
[2013.03.11 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\PDF Architect
[2013.03.11 22:45:03 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2013.03.08 09:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.05 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\APN
[2011.04.11 18:40:44 | 064,616,840 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\Manu\FreeStudio.exe
[2011.04.11 11:44:44 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Manu\spybotsd162.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Manu\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Manu\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Manu\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Manu\AppData\Local\bass.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.03 09:34:55 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.03 09:34:55 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.03 09:34:55 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.03 09:34:55 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.03 09:29:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.03 09:29:39 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.04.03 09:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 09:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 09:29:24 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\PWNYESGL.job
[2013.04.03 09:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.03 09:28:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 09:02:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.02 19:16:19 | 598,642,136 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.02 16:01:28 | 000,377,856 | ---- | M] () -- C:\Users\Manu\Desktop\esmoz4s4.exe
[2013.04.02 15:31:59 | 000,000,000 | ---- | M] () -- C:\Users\Manu\defogger_reenable
[2013.04.02 15:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe
[2013.04.02 15:30:14 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.02 07:28:01 | 000,000,957 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.01 19:44:43 | 002,237,647 | ---- | M] () -- C:\Users\Manu\Desktop\Anhänge_201341.zip
[2013.03.28 10:56:14 | 000,211,486 | ---- | M] () -- C:\Users\Manu\Desktop\8557017636_a52c03f929_o.jpg
[2013.03.28 00:13:09 | 000,089,600 | ---- | M] () -- C:\Users\Manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.25 22:52:36 | 000,415,498 | ---- | M] () -- C:\Users\Manu\Desktop\0154.jpg
[2013.03.25 16:53:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.25 16:53:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.25 12:02:29 | 005,629,942 | ---- | M] () -- C:\Users\Manu\Desktop\Anhänge_2013325.zip
[2013.03.21 18:57:58 | 001,423,147 | ---- | M] () -- C:\Users\Manu\Desktop\2013-03-21 17.36.21.jpg
[2013.03.21 17:53:14 | 001,181,682 | ---- | M] () -- C:\Users\Manu\Desktop\2013-03-21 17.35.40.jpg
[2013.03.21 16:51:02 | 000,361,130 | ---- | M] () -- C:\Users\Manu\Desktop\8570322356_c33155b0ef_o.jpg
[2013.03.20 17:46:53 | 000,192,061 | ---- | M] () -- C:\Users\Manu\Desktop\0159.jpg
[2013.03.20 17:45:03 | 000,447,201 | ---- | M] () -- C:\Users\Manu\Desktop\0256.jpg
[2013.03.20 17:43:51 | 000,347,699 | ---- | M] () -- C:\Users\Manu\Desktop\0249.jpg
[2013.03.19 20:48:29 | 001,912,747 | ---- | M] () -- C:\Users\Manu\Desktop\SMS Ostfriesland1.jpg
[2013.03.18 12:21:48 | 000,427,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.14 15:26:37 | 000,015,689 | ---- | M] () -- C:\Users\Manu\Desktop\Literaturliste.pdf
[2013.03.14 15:18:37 | 000,004,096 | -H-- | M] () -- C:\Users\Manu\AppData\Local\keyfile3.drm
[2013.03.13 22:03:34 | 004,313,907 | ---- | M] () -- C:\Users\Manu\Desktop\Edelweißaufsatz.pdf
[2013.03.13 19:43:52 | 014,864,714 | ---- | M] () -- C:\Users\Manu\Desktop\Leiber in Tirol.pdf
[2013.03.13 00:41:13 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.13 00:41:12 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.13 00:41:12 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.13 00:41:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.13 00:41:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.13 00:41:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.13 00:24:33 | 001,693,738 | ---- | M] () -- C:\Users\Manu\Desktop\Der Krieg 1914-1917 in Wort und Bild, Heft 123.rar
[2013.03.12 09:32:30 | 000,000,009 | ---- | M] () -- C:\END
[2013.03.11 19:02:34 | 000,101,914 | ---- | M] () -- C:\Users\Manu\Feldpost - Willy Langer.rar
[2013.03.10 19:28:47 | 000,354,435 | ---- | M] () -- C:\Users\Manu\Desktop\7xhqbrjejqfc.jpg
[2013.03.10 18:58:34 | 000,634,740 | ---- | M] () -- C:\Users\Manu\Desktop\The King is coming.jpg
[2013.03.08 08:32:34 | 000,877,646 | ---- | M] () -- C:\Users\Manu\Desktop\Kraus_Edelweiss drawings.jpg
[2013.03.07 19:04:09 | 000,143,872 | RHS- | M] () -- C:\Windows\System32\wuapiy.dll
[2013.03.06 21:20:57 | 001,185,016 | ---- | M] () -- C:\Users\Manu\Desktop\Gruppenaufnahme.jpg
[2013.03.06 19:42:46 | 000,633,371 | ---- | M] () -- C:\Users\Manu\Desktop\Kaiserj+ñger.jpg
[2013.03.04 10:34:34 | 001,185,873 | ---- | M] () -- C:\Users\Manu\Desktop\Portrait Maschinengewehrkompanie_r++ck.jpg
[2013.03.04 10:29:23 | 001,356,575 | ---- | M] () -- C:\Users\Manu\Desktop\Edelweiss Portrait_r++ck.jpg
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.02 19:14:38 | 598,642,136 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.02 16:01:28 | 000,377,856 | ---- | C] () -- C:\Users\Manu\Desktop\esmoz4s4.exe
[2013.04.02 15:31:59 | 000,000,000 | ---- | C] () -- C:\Users\Manu\defogger_reenable
[2013.04.02 15:30:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe
[2013.04.01 19:44:34 | 002,237,647 | ---- | C] () -- C:\Users\Manu\Desktop\Anhänge_201341.zip
[2013.03.28 10:39:45 | 000,211,486 | ---- | C] () -- C:\Users\Manu\Desktop\8557017636_a52c03f929_o.jpg
[2013.03.25 22:52:35 | 000,415,498 | ---- | C] () -- C:\Users\Manu\Desktop\0154.jpg
[2013.03.25 12:02:13 | 005,629,942 | ---- | C] () -- C:\Users\Manu\Desktop\Anhänge_2013325.zip
[2013.03.21 18:54:12 | 001,423,147 | ---- | C] () -- C:\Users\Manu\Desktop\2013-03-21 17.36.21.jpg
[2013.03.21 18:54:12 | 001,181,682 | ---- | C] () -- C:\Users\Manu\Desktop\2013-03-21 17.35.40.jpg
[2013.03.21 16:51:02 | 000,361,130 | ---- | C] () -- C:\Users\Manu\Desktop\8570322356_c33155b0ef_o.jpg
[2013.03.20 17:46:36 | 000,192,061 | ---- | C] () -- C:\Users\Manu\Desktop\0159.jpg
[2013.03.20 17:44:59 | 000,447,201 | ---- | C] () -- C:\Users\Manu\Desktop\0256.jpg
[2013.03.20 17:43:48 | 000,347,699 | ---- | C] () -- C:\Users\Manu\Desktop\0249.jpg
[2013.03.19 20:48:28 | 001,912,747 | ---- | C] () -- C:\Users\Manu\Desktop\SMS Ostfriesland1.jpg
[2013.03.17 15:01:27 | 000,013,568 | ---- | C] () -- C:\Windows\System32\CNC1737D.TBL
[2013.03.14 15:26:36 | 000,015,689 | ---- | C] () -- C:\Users\Manu\Desktop\Literaturliste.pdf
[2013.03.13 22:03:18 | 004,313,907 | ---- | C] () -- C:\Users\Manu\Desktop\Edelweißaufsatz.pdf
[2013.03.13 19:43:18 | 014,864,714 | ---- | C] () -- C:\Users\Manu\Desktop\Leiber in Tirol.pdf
[2013.03.13 00:24:32 | 001,693,738 | ---- | C] () -- C:\Users\Manu\Desktop\Der Krieg 1914-1917 in Wort und Bild, Heft 123.rar
[2013.03.12 09:30:47 | 000,000,009 | ---- | C] () -- C:\END
[2013.03.11 19:02:34 | 000,101,914 | ---- | C] () -- C:\Users\Manu\Feldpost - Willy Langer.rar
[2013.03.10 19:28:46 | 000,354,435 | ---- | C] () -- C:\Users\Manu\Desktop\7xhqbrjejqfc.jpg
[2013.03.10 18:41:30 | 000,634,740 | ---- | C] () -- C:\Users\Manu\Desktop\The King is coming.jpg
[2013.03.08 09:32:51 | 000,877,646 | ---- | C] () -- C:\Users\Manu\Desktop\Kraus_Edelweiss drawings.jpg
[2013.03.07 19:04:09 | 000,143,872 | RHS- | C] () -- C:\Windows\System32\wuapiy.dll
[2013.03.07 19:04:09 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\PWNYESGL.job
[2013.03.06 21:19:32 | 001,185,016 | ---- | C] () -- C:\Users\Manu\Desktop\Gruppenaufnahme.jpg
[2013.03.06 21:19:32 | 000,633,371 | ---- | C] () -- C:\Users\Manu\Desktop\Kaiserj+ñger.jpg
[2013.03.04 10:20:32 | 001,185,873 | ---- | C] () -- C:\Users\Manu\Desktop\Portrait Maschinengewehrkompanie_r++ck.jpg
[2013.03.04 10:20:32 | 000,637,057 | ---- | C] () -- C:\Users\Manu\Desktop\Portrait Maschinengewehrkompanie.jpg
[2013.03.04 10:20:32 | 000,573,626 | ---- | C] () -- C:\Users\Manu\Desktop\Pionierbr++cke am Szudruck Pass.jpg
[2013.03.04 10:20:31 | 001,356,575 | ---- | C] () -- C:\Users\Manu\Desktop\Edelweiss Portrait_r++ck.jpg
[2013.03.04 10:20:31 | 000,800,756 | ---- | C] () -- C:\Users\Manu\Desktop\Edelweiss Portrait.jpg
[2013.02.22 00:38:45 | 002,436,706 | ---- | C] () -- C:\Users\Manu\How drunk do you have to be to try this_.mp4
[2013.01.31 11:07:18 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 00:13:03 | 000,001,137 | ---- | C] () -- C:\Users\Manu\Bildbestellung.html
[2013.01.09 16:49:58 | 285,986,064 | ---- | C] () -- C:\Users\Manu\oma_andreas fotobuch.cpr
[2013.01.09 16:01:49 | 251,246,278 | ---- | C] () -- C:\Users\Manu\oma fotobuch.cpr
[2012.11.19 00:44:22 | 000,122,047 | ---- | C] () -- C:\Users\Manu\polizei3.jpg
[2012.11.19 00:44:22 | 000,113,058 | ---- | C] () -- C:\Users\Manu\polizei4.jpg
[2012.11.19 00:44:22 | 000,032,910 | ---- | C] () -- C:\Users\Manu\polizei1.jpg
[2012.11.19 00:44:22 | 000,029,174 | ---- | C] () -- C:\Users\Manu\polizei2.jpg
[2012.06.15 08:54:02 | 000,210,112 | ---- | C] () -- C:\Users\Manu\bookmarks-2012-06-15.json
[2012.03.26 13:06:54 | 009,109,564 | ---- | C] () -- C:\Users\Manu\Avenged.wav
[2012.03.04 23:13:14 | 000,037,406 | ---- | C] () -- C:\Users\Manu\f5lMjXeOKDod133084850049P1108.jpg
[2012.03.04 23:13:06 | 000,036,103 | ---- | C] () -- C:\Users\Manu\gsq4E5GJ16Xo133084849675P1108.jpg
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.23 15:56:00 | 000,226,846 | ---- | C] () -- C:\Users\Manu\Bild3.jpg
[2012.02.23 15:55:47 | 000,227,391 | ---- | C] () -- C:\Users\Manu\Bild2 (2).jpg
[2012.02.23 15:44:27 | 000,131,099 | ---- | C] () -- C:\Users\Manu\Bild1 (3).jpg
[2012.02.20 16:14:02 | 000,117,145 | ---- | C] () -- C:\Users\Manu\stack shit.jpg
[2012.02.15 21:30:53 | 000,208,672 | ---- | C] () -- C:\Users\Manu\Bild1 (2).jpg
[2012.02.15 20:02:41 | 000,194,329 | ---- | C] () -- C:\Users\Manu\4464.JPG
[2012.02.08 13:59:18 | 000,165,506 | ---- | C] () -- C:\Users\Manu\Erfurt_HA.pdf
[2012.01.26 11:51:12 | 002,690,423 | ---- | C] () -- C:\Users\Manu\MobergMarcus.pdf
[2012.01.24 14:18:08 | 000,014,395 | ---- | C] () -- C:\Users\Manu\Lebenslauf Immanuel Voigt.pdf
[2011.12.25 15:23:02 | 000,032,473 | ---- | C] () -- C:\Users\Manu\breuning-eheringe-trauringe-48-07019-48-07020-48-07019-48-07020-725-1-pop_1.jpg
[2011.12.24 14:48:57 | 003,412,553 | ---- | C] () -- C:\Users\Manu\DSC00323.JPG
[2011.12.24 14:48:57 | 003,038,449 | ---- | C] () -- C:\Users\Manu\DSC00322.JPG
[2011.12.24 14:48:57 | 003,024,196 | ---- | C] () -- C:\Users\Manu\DSC00324.JPG
[2011.12.24 14:48:57 | 002,565,552 | ---- | C] () -- C:\Users\Manu\DSC00321.JPG
[2011.12.20 17:28:58 | 000,088,976 | ---- | C] () -- C:\Users\Manu\z-bild3.php.jpg
[2011.12.20 17:26:37 | 000,105,973 | ---- | C] () -- C:\Users\Manu\funny-santa-cartoon.jpg
[2011.12.20 17:23:27 | 000,080,530 | ---- | C] () -- C:\Users\Manu\z-bild2.php.jpg
[2011.12.20 17:22:25 | 000,170,704 | ---- | C] () -- C:\Users\Manu\Catching-Snowflakes-On-Your-Tongue.jpg
[2011.12.20 17:20:18 | 000,081,303 | ---- | C] () -- C:\Users\Manu\z-bild.php.jpg
[2011.12.20 17:17:03 | 000,075,144 | ---- | C] () -- C:\Users\Manu\u-bild.php.jpg
[2011.12.20 17:12:41 | 000,436,398 | ---- | C] () -- C:\Users\Manu\santa-girl-wallpapers_26030_1920x1200.jpg
[2011.12.08 22:23:04 | 001,549,989 | ---- | C] () -- C:\Users\Manu\Magisterarbeit komplett.pdf
[2011.10.20 12:48:41 | 000,088,099 | ---- | C] () -- C:\Users\Manu\n-bild2.php.jpg
[2011.10.20 00:24:32 | 000,039,841 | ---- | C] () -- C:\Users\Manu\828bcb88b78d3dac4087bb74c7f2d_9601.jpg
[2011.10.19 23:59:12 | 000,062,366 | ---- | C] () -- C:\Users\Manu\real dean.php.jpg
[2011.10.19 23:45:48 | 000,041,784 | ---- | C] () -- C:\Users\Manu\dean.php.jpg
[2011.10.13 18:35:41 | 000,067,044 | ---- | C] () -- C:\Users\Manu\wtf.jpg
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.28 17:52:41 | 000,186,411 | ---- | C] () -- C:\Users\Manu\cheater2.jpg
[2011.09.27 14:13:34 | 000,136,643 | ---- | C] () -- C:\Users\Manu\How Great Is Your Faithfulness.pdf
[2011.08.31 14:42:26 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.08.31 00:18:09 | 000,154,592 | ---- | C] () -- C:\Users\Manu\Bild4.jpg
[2011.08.29 15:28:11 | 004,547,968 | ---- | C] () -- C:\Users\Manu\Macbeth 1-10_0001.zip
[2011.08.07 08:40:00 | 445,476,694 | ---- | C] () -- C:\Users\Manu\coh_mod_heeresgruppe_nord_www.customMaps.de.rar
[2011.08.03 17:18:37 | 000,322,640 | ---- | C] () -- C:\Users\Manu\Hugo.mp3
[2011.08.03 10:04:35 | 000,001,429 | ---- | C] () -- C:\Users\Manu\AppData\Local\RecConfig.xml
[2011.06.21 17:50:02 | 000,260,682 | ---- | C] () -- C:\Users\Manu\Bild2.jpg
[2011.06.21 17:49:29 | 000,268,932 | ---- | C] () -- C:\Users\Manu\pffff.jpg
[2011.05.31 14:29:09 | 000,029,103 | ---- | C] () -- C:\Users\Manu\sync hack 11th.rec
[2011.05.25 16:43:07 | 000,153,446 | ---- | C] () -- C:\Users\Manu\cheater.jpg
[2011.05.19 20:32:08 | 000,209,820 | ---- | C] () -- C:\Users\Manu\möchtegern labertasche.jpg
[2011.05.19 18:53:00 | 000,072,367 | ---- | C] () -- C:\Users\Manu\Verhaltenskodex.pdf
[2011.05.17 23:19:45 | 079,414,779 | ---- | C] () -- C:\Users\Manu\Hassle_Vagrant_Sampler.zip
[2011.04.19 00:27:29 | 001,411,787 | ---- | C] () -- C:\Users\Manu\maphack from tittenfick.rec
[2011.04.07 23:44:16 | 003,320,654 | ---- | C] () -- C:\Users\Manu\DSC09282.JPG
[2011.04.07 23:44:16 | 003,297,533 | ---- | C] () -- C:\Users\Manu\DSC09283.JPG
[2011.04.07 23:44:16 | 003,232,320 | ---- | C] () -- C:\Users\Manu\DSC09286.JPG
[2011.04.07 23:44:16 | 003,151,284 | ---- | C] () -- C:\Users\Manu\DSC09285.JPG
[2011.04.07 23:44:16 | 002,817,811 | ---- | C] () -- C:\Users\Manu\DSC09284.JPG
[2011.04.06 09:58:22 | 000,061,762 | ---- | C] () -- C:\Users\Manu\übel.jpg
[2011.04.04 18:43:43 | 000,217,860 | ---- | C] () -- C:\Users\Manu\Bild1.jpg
[2011.03.28 12:17:37 | 000,521,251 | ---- | C] () -- C:\Users\Manu\girokonto_einzelantrag.pdf
[2011.03.21 11:03:55 | 061,149,134 | ---- | C] () -- C:\Users\Manu\Billy_Talent_III.zip
[2011.03.21 11:02:57 | 004,926,375 | ---- | C] () -- C:\Users\Manu\10_A_Day_To_Remember_If_I_Leave.wma
[2011.03.21 11:01:26 | 004,962,169 | ---- | C] () -- C:\Users\Manu\14_Times_Of_Grace_Willing_(Acoustic_Version).wma
[2011.03.21 10:59:13 | 007,544,518 | ---- | C] () -- C:\Users\Manu\4_Emil_Bulls_All_In_Tune_With_The_Universe.mp3
[2011.03.04 13:51:12 | 001,269,653 | ---- | C] () -- C:\Users\Manu\Lyon 2vs2.rec
[2011.02.08 22:58:35 | 001,691,088 | ---- | C] () -- C:\Users\Manu\tcmd655a.exe
[2010.11.24 18:10:55 | 009,062,874 | ---- | C] () -- C:\Users\Manu\Strength In Numbers.mp3
[2010.10.28 09:32:28 | 001,227,499 | ---- | C] () -- C:\Users\Manu\Quo Vadis.rar
[2010.10.21 22:16:17 | 002,904,587 | ---- | C] () -- C:\Users\Manu\DSC08914.JPG
[2010.10.11 22:07:36 | 067,826,994 | ---- | C] () -- C:\Users\Manu\Portable_CS1.6.exe
[2010.09.08 17:03:16 | 000,062,320 | ---- | C] () -- C:\Users\Manu\hanse.zip
[2010.08.17 10:53:33 | 000,004,096 | -H-- | C] () -- C:\Users\Manu\AppData\Local\keyfile3.drm
[2010.06.07 15:01:23 | 000,000,680 | ---- | C] () -- C:\Users\Manu\AppData\Local\d3d9caps.dat
[2010.03.02 23:41:06 | 004,533,465 | ---- | C] () -- C:\Users\Manu\Alu Fliegt (480 x 360).mp4
[2010.02.18 19:36:28 | 000,023,552 | ---- | C] () -- C:\Users\Manu\AppData\Local\WebpageIcons.db
[2010.01.30 00:25:15 | 000,001,709 | ---- | C] () -- C:\Users\Manu\xp-AntiSpy.lnk
[2009.10.10 13:19:43 | 000,089,600 | ---- | C] () -- C:\Users\Manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.25 20:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.10 19:11:19 | 000,117,896 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.10 19:04:18 | 000,117,896 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Manu\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Manu\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Manu\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Manu\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Manu\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Manu\AppData\Local\no23xwrapper.dll
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.08.30 11:41:48 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Manu\How drunk do you have to be to try this_.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Manu\Alu Fliegt (480 x 360).mp4:TOC.WMV
< End of report >
OTL Extras Code:
OTL Extras logfile created on: 03.04.2013 09:36:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 63,04% Memory free
7,18 Gb Paging File | 5,79 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 25,86 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 14,30 Gb Free Space | 10,41% Space Free | Partition Type: NTFS
Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1070E6AC-6C0B-49F9-8D39-5C76DD20BBE8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{77DABF47-87F3-4E33-B340-D38B2D36AC4B}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{B7EB17D8-9CEF-44DB-BDE1-16FA41D9E85C}" = lport=36055 | protocol=6 | dir=in | name=windows core service |
"{E24010B4-435D-47D6-B347-DDCFAA553810}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4476BBEB-C1DF-45DF-8E42-247563F2D2EC}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{4CBC0A76-4B9C-46FD-AB46-04E942734B13}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{576F462D-25B2-41BF-8AE1-A53F5CF17A39}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{5A28DCC2-82E6-4A62-8220-2FF5649AC75B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5CCF57BA-CB6D-40DA-9432-12029BA946D4}" = protocol=17 | dir=in | app=d:\codemasters\dirt 3\dirt3_game.exe |
"{6B32C81B-862D-453D-984D-48E003634429}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{6D2AEE2C-6BD1-4F98-9EBC-4C327C6EBE97}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{956CF3CD-43EA-4DCA-A6B0-560CD934CD2F}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{9A2F4318-0323-4A14-AC96-49F0CB9C4CF3}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{9FC80102-A723-4072-BAD6-A7293A4D487D}" = protocol=6 | dir=in | app=d:\codemasters\dirt 3\dirt3_game.exe |
"{B80A6167-345C-4A50-AD84-FB34E0F63CE1}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{C0DF0B16-B0DA-4843-A686-9B03FAD587B2}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D085DA37-6F31-4FF2-A368-284D3CFDBE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1196DA2-7DEA-4FFF-B0C0-3E9572C9353F}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D8D8D436-3FBF-40B4-B67F-E1BBF196F066}" = protocol=6 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9CE6315-CA1E-4BE9-874F-038E431C5533}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{E33A5D22-6078-40BB-948E-6877623F07C1}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe |
"{E82C2967-05FA-4F05-B076-D7514C6EB3D5}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{EA2CF1BC-6479-4C5B-BD30-5CE136B729EC}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{ED3076DC-4AEA-44CE-96B6-8BDAFB4C269B}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3A608351-5980-4A47-AE08-3742C55B4016}" = Windows Live Family Safety
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000038201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000038202}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FEB6D7-9C52-49FC-B956-7AB275B78890}" = ASUS FancyStart
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DC1674-B5E8-4364-009E-B350048DD006}" = NHL06
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DC35EF73-C7BD-4452-A793-4269990E1EA3}" = Windows Live Movie Maker-Betaversion
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 2.0
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blitzkrieg" = Blitzkrieg Mod
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.11.02.00)
"Der Erste Weltkrieg" = Der Erste Weltkrieg
"Eastern Front" = Eastern Front
"Elantech" = ETDWare PS/2-x86 7.0.5.3 WHQL
"EssentialPIM" = EssentialPIM
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.6.221
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"FSHED - Funduc Software Hex Editor - 32-bit_is1" = FSHED
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mario Forever 5.05" = Mario Forever 5.05
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rune" = Rune
"Smart PDF Creator Pro_is1" = Smart PDF Creator Pro 5.1.0.397
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 UVC 1.3M WebCam" = USB 2.0 UVC 1.3M WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WM Recorder 1414.9" = WM Recorder 14
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2013 04:25:46 | Computer Name = Manu-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.03.2013 13:39:51 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.03.2013 13:49:05 | Computer Name = Manu-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.03.2013 04:28:05 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.03.2013 04:28:20 | Computer Name = Manu-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.04.2013 12:51:41 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.04.2013 13:06:08 | Computer Name = Manu-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.04.2013 01:25:22 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.04.2013 01:25:41 | Computer Name = Manu-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.04.2013 10:13:00 | Computer Name = Manu-PC | Source = Perflib | ID = 1010
Description =
Error - 02.04.2013 13:16:23 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.04.2013 03:30:07 | Computer Name = Manu-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.04.2013 03:30:20 | Computer Name = Manu-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 02.04.2013 13:14:38 | Computer Name = Manu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.04.2013 um 19:12:24 unerwartet heruntergefahren.
Error - 02.04.2013 13:14:51 | Computer Name = Manu-PC | Source = HTTP | ID = 15016
Description =
Error - 02.04.2013 13:16:00 | Computer Name = Manu-PC | Source = DCOM | ID = 10016
Description =
Error - 02.04.2013 13:16:25 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 02.04.2013 13:19:49 | Computer Name = Manu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 03.04.2013 03:29:04 | Computer Name = Manu-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 03.04.2013 03:29:23 | Computer Name = Manu-PC | Source = HTTP | ID = 15016
Description =
Error - 03.04.2013 03:30:09 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 03.04.2013 03:30:34 | Computer Name = Manu-PC | Source = DCOM | ID = 10016
Description =
Error - 03.04.2013 03:32:07 | Computer Name = Manu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
and GMER Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-03 09:17:12
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 Hitachi_ rev.FB4O 298,09GB
Running: esmoz4s4.exe; Driver: C:\Users\Manu\AppData\Local\Temp\kwtdypog.sys
---- System - GMER 2.1 ----
SSDT 90CD7936 ZwCreateSection
SSDT 90CD7940 ZwRequestWaitReplyPort
SSDT 90CD793B ZwSetContextThread
SSDT 90CD7945 ZwSetSecurityObject
SSDT 90CD794A ZwSystemDebugControl
SSDT 90CD78D7 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetTimerEx + 448 822B9A6C 4 Bytes [36, 79, CD, 90] {JNS 0xffffffd0; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 76C 822B9D90 4 Bytes [40, 79, CD, 90] {INC EAX; JNS 0xffffffd0; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 7A0 822B9DC4 4 Bytes [3B, 79, CD, 90] {CMP EDI, [ECX-0x33]; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 804 822B9E28 4 Bytes [45, 79, CD, 90] {INC EBP; JNS 0xffffffd0; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 84C 822B9E70 4 Bytes [4A, 79, CD, 90] {DEC EDX; JNS 0xffffffd0; NOP }
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys
Device \Driver\nvstor32 \Device\00000066 sfsync02.sys
Device \Driver\nvstor32 \Device\00000067 sfsync02.sys
Device \Driver\prohlp02 \Device\ProHlp02 8DF261D0
Device \Driver\nvstor32 \Device\RaidPort0 sfsync02.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 84EC7678
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?DfSdk
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 2.1 ----
Thank you very much for your help,
Regards, Joe