Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@ (Windows 7)
13.06.2012, 13:15 | #1

TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@

Hello everyone. I too have now become the victim of an attack. It started after I downloaded a TGP Converter from the Softronic site. Unfortunately my MSE switched itself off immediately, as did the Windows firewall. I then installed Antivir (c:\Programme(x86)\Avira\AntiVir Desktop\avcenter), which now tells me it has found exactly this Trojan. Here is the OTL.txt.

OTL Logfile:
Code:
OTL logfile created on: 13.06.2012 14:01:05 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\xxx\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free
15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS
Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.13 13:59:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.10.18 18:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.10.03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2011.12.12 03:57:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009.08.22 20:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.13 14:17:52 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.12 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2011.01.12 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.06.10 15:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.05 14:19:59 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.13 14:17:10 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.12.12 03:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.03 23:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.18 13:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.06.12 21:43:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 44 77 6A 9A 2F CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C029863-5A9E-4C1A-BFB0-841706C2F7CB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_ptnrs=%5EABT&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL
CHR - Extension: Avira Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.2.23832_0\
CHR - Extension: TV = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Kingdom Rush = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: YoWindow Wetter = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.30_0\
CHR - Extension: Super Mario World = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkihmbmfokomgcblenhedokepnlhjpmb\2.5_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Super Mario Bros = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\3.6_0\
CHR - Extension: Google Maps = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Facebook Notifications = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.06.10 12:04:49 | 000,001,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 nero.com
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 activate.nero.com
O1 - Hosts: 127.0.0.1 www.activate.nero.com
O1 - Hosts: 127.0.0.1 nero.de
O1 - Hosts: 127.0.0.1 www.nero.de
O1 - Hosts: 127.0.0.1 activate.nero.de
O1 - Hosts: 127.0.0.1 www.activate.nero.de
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [EPSON SX430 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_S94B1.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co.
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629DB53C-63F7-4B12-B094-804005A1F68A}: DhcpNameServer = 81.173.194.69 81.173.194.77 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - 
(/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.13 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2012.06.13 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.06.13 12:25:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Malwarebytes [2012.06.13 12:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.13 12:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.06.13 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN [2012.06.13 12:14:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.13 12:14:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.13 12:14:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.13 12:12:24 | 000,000,000 | ---D | C] -- D:\Simply Super Software [2012.06.13 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Simply Super Software [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.06.13 12:04:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.06.13 11:52:01 | 000,000,000 | ---D | C] -- D:\Any Video Converter [2012.06.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AnvSoft [2012.06.13 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012.06.13 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2012.06.13 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\4Videosoft Studio [2012.06.13 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Aiseesoft Studio [2012.06.13 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\XnView [2012.06.13 11:33:04 | 000,000,000 | ---D | C] -- 
C:\Users\xxx\AppData\Roaming\SpiritON TV Software [2012.06.13 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{37851551-6739-4DBF-B6B0-DD21A168148B} [2012.06.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EE9D0652-F572-4129-AF8A-DE6AB63E35CF} [2012.06.12 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.06.12 21:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.06.12 21:38:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\GPUMonitor [2012.06.11 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.06.10 21:52:45 | 000,000,000 | ---D | C] -- D:\ANNO 1404 Venedig [2012.06.10 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev [2012.06.10 20:49:22 | 000,000,000 | ---D | C] -- D:\Nero [2012.06.10 20:40:30 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS [2012.06.10 19:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.06.10 19:55:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.06.10 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.06.10 19:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.06.10 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.06.10 19:52:13 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- 
C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5 [2012.06.10 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nero [2012.06.10 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVD Shrink [2012.06.10 13:03:42 | 000,260,678 | ---- | C] (DVD Shrink) -- C:\Users\xxx\Desktop\DVD Shrink 2.3 German.exe [2012.06.10 13:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2012.06.10 12:59:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero_AG [2012.06.10 12:32:20 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.06.10 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero [2012.06.10 11:23:16 | 000,000,000 | ---D | C] -- D:\NeroVision [2012.06.10 11:22:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nero [2012.06.10 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.06.10 11:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.06.10 11:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.06.10 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.06.10 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D1CE5C5E-77EA-4B62-B84E-E366858D7507} [2012.06.10 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{41116FC5-4735-4D5A-8294-A8672442D885} [2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo [2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo [2012.06.09 15:47:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.06.09 11:07:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0306ADCF-9557-4830-9CE5-0DC49742F585} [2012.06.09 11:07:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1055FC-E5E4-43DC-AE51-1D4DF10A0BB4} [2012.06.06 13:48:46 | 000,000,000 | ---D | C] -- 
C:\Users\xxx\AppData\Local\{EF90D0BF-87AC-4F72-83DC-AF927ED949B0} [2012.06.06 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7D3951A8-AD42-4AC1-9EEA-CC31720DB4D2} [2012.06.05 08:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F0F04F5-6EC1-4A76-BA41-EF197765B7A2} [2012.06.05 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6E0AEF98-4DDB-4491-A14B-8FC0F97D6131} [2012.06.04 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.04 20:50:39 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.06.04 20:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.06.04 20:50:36 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.06.04 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.06.04 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.06.04 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3313889D-BE15-4A6D-B0BA-1EB349481239} [2012.06.04 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72BA3D97-00D8-4BB4-B4A6-296E8711700D} [2012.06.03 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8E0123CF-4C2A-4C05-A8E5-CBFE4C9DDE4C} [2012.06.03 13:06:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB7927F3-437F-46A9-B20F-9066CF07E8E2} [2012.06.02 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72EAC6AC-40C3-4A06-844C-921B0E9D12D2} [2012.06.02 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BDD0EB14-5C21-47FD-80A4-D095C6D1A6D3} [2012.06.01 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F7FBEF0E-C968-461E-A24B-ADF5FE67A59B} [2012.06.01 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D52D7AD4-509B-4F38-A716-9A1B7A077EAC} 
[2012.05.31 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C64387C-7727-4849-A399-49576C121E7D} [2012.05.31 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{642A039C-DE65-4AB5-9A89-B3AF62E594A6} [2012.05.31 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2AA8047C-617A-4098-BE0A-B61CBAD1F7DB} [2012.05.31 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4706BB82-F7B8-44B2-BBF3-41EA9689A5EB} [2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.05.30 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Notepad++ [2012.05.30 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3ADB0DAF-1354-4D98-805F-3342CD9C7E37} [2012.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F2CE015-9514-4467-A7A5-2150B96DDCD7} [2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- D:\Diablo III [2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.29 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.29 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C4C05D51-1515-4E5C-A98A-33BFCFBC3B15} [2012.05.29 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C251031-8995-4C31-93FA-867A344F8319} [2012.05.28 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{303281CF-A4DE-4CA9-B157-1071A8B958CB} [2012.05.28 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0964C69F-B618-4208-B255-9560C58A875F} [2012.05.28 00:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2012.05.28 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2012.05.27 19:10:07 | 000,000,000 | ---D | C] -- 
C:\Users\xxx\AppData\Local\{32323149-A646-435F-B5B8-8DB87EF167B6} [2012.05.27 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{46A6EB67-451D-409B-87D9-BEAD70E1C4FA} [2012.05.26 23:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.05.26 23:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012.05.26 22:38:07 | 000,000,000 | ---D | C] -- D:\Settlers7 [2012.05.26 22:21:51 | 000,000,000 | ---D | C] -- D:\ANNO 2070 [2012.05.26 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ubisoft Game Launcher [2012.05.26 22:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.05.26 21:48:46 | 000,000,000 | ---D | C] -- D:\OpenTTD [2012.05.26 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{937E7C9C-75E5-4583-9626-266359BBD2AA} [2012.05.26 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{12473144-2A72-4811-96AE-F33B6AAB1C7C} [2012.05.25 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{23FE6624-96C9-4C5B-9478-2C484768E26C} [2012.05.25 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4555DB9B-C99C-48F1-B402-3127DF50C6E3} [2012.05.24 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F1D9F76-E47D-492D-AEB4-FAB0DF1A81D1} [2012.05.24 21:36:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CCD1693C-DCA1-4A27-AF86-2F4E666B5154} [2012.05.23 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- D:\The Movies [2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios [2012.05.22 20:28:16 | 000,000,000 | ---D | C] -- 
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.05.22 12:13:46 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012.05.22 12:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies [2012.05.22 12:10:00 | 000,000,000 | ---D | C] -- D:\MeinSpore-Kreationen [2012.05.22 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SPORE [2012.05.22 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios [2012.05.22 11:42:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SAdK [2012.05.22 11:42:07 | 000,000,000 | ---D | C] -- D:\SAdK [2012.05.22 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.22 11:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce [2012.05.22 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.05.22 11:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.05.22 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.05.22 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.05.22 10:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD [2012.05.22 10:02:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8A6BDC49-5067-4816-B4DD-E745E665F123} [2012.05.22 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{15E5F896-0511-4990-8EAE-61EF0B66A296} [2012.05.21 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C33E8C4-2CD3-4873-B2BF-41AE94995EF2} [2012.05.21 20:43:53 | 000,000,000 | ---D | C] 
-- C:\Users\xxx\AppData\Local\{A7CEE673-4B79-4994-926A-F50F23ADBCC2} [2012.05.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F269E48E-0CC5-4ECE-BA62-21552B710E96} [2012.05.20 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{064CB7A5-1AAF-449A-96C2-ACEC300B881C} [2012.05.19 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3FBB5CC1-7068-452C-BBBD-068DE77864C6} [2012.05.19 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1D0F75-AD7D-4E37-A26A-39C14039CF5E} [2012.05.18 12:59:51 | 000,000,000 | ---D | C] -- D:\Prüfung [2012.05.18 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C2AEBA9-0AA4-492A-9678-146520DDF3FA} [2012.05.18 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8D7DF2FD-C632-4D09-BF24-99EC008AABD4} [2012.05.16 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{38B432B8-2EF4-4733-A74F-9BA5549CFDA2} [2012.05.15 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0F7A5EAD-AA95-4F9C-8F32-E7CD498930FE} [2012.05.15 21:29:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C1E3F48D-22FF-44DA-A490-35E42D82AC7C} [2012.05.14 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6BC73A99-8C02-4F67-B40D-B2A1CA1E8C16} [2012.05.14 20:46:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{53ECF689-D097-4978-B04A-F65295DA3E1A} ========== Files - Modified Within 30 Days ========== [2012.06.13 13:59:11 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:23:39 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:16:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job 
[2012.06.13 13:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 13:15:20 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 12:25:59 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 12:14:49 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.13 11:51:43 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk [2012.06.13 11:32:01 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 11:32:01 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 11:32:01 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 11:32:01 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 11:32:01 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.12 21:48:17 | 000,000,412 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini [2012.06.12 13:40:46 | 000,043,740 | ---- | M] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml [2012.06.12 12:18:09 | 000,002,429 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.06.11 09:05:01 | 004,897,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.10 21:07:41 | 000,001,077 | ---- | M] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk [2012.06.10 16:16:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.06.10 15:52:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.06.10 15:09:29 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk [2012.06.10 12:04:49 | 000,001,037 | ---- | M] () -- D:\hosts [2012.06.09 16:07:59 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll [2012.06.09 15:50:20 
| 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe [2012.06.09 15:50:20 | 000,061,440 | ---- | M] () -- C:\Windows\diabswun.exe [2012.05.31 22:08:19 | 000,000,640 | ---- | M] () -- C:\Users\xxx\Desktop\Notepad++.lnk [2012.05.30 12:38:29 | 000,001,094 | ---- | M] () -- C:\Users\xxx\Desktop\kopf_krieger.xml [2012.05.26 23:02:50 | 000,001,014 | ---- | M] () -- C:\Users\xxx\Desktop\SpeedFan.lnk [2012.05.26 23:02:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo ========== Files Created - No Company Name ========== [2012.06.13 13:59:11 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.06.13 13:58:08 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000032.@ [2012.06.13 13:49:37 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ [2012.06.13 13:37:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@ [2012.06.13 12:25:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 12:14:49 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.13 12:12:21 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.06.13 12:12:21 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.06.13 11:51:43 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk [2012.06.13 11:46:04 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\00000004.@ [2012.06.13 11:46:03 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000000.@ [2012.06.13 11:45:54 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000004.@ [2012.06.13 11:45:54 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\000000cb.@ [2012.06.13 
11:09:36 | 000,057,344 | ---- | C] () -- C:\h2format.exe [2012.06.12 21:48:17 | 000,000,412 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini [2012.06.12 12:14:38 | 000,043,740 | ---- | C] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml [2012.06.10 21:07:41 | 000,001,077 | ---- | C] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk [2012.06.10 15:52:37 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.06.10 15:52:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.06.10 15:09:29 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk [2012.06.10 12:04:32 | 000,001,037 | ---- | C] () -- D:\hosts [2012.06.09 15:50:20 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2012.06.09 15:50:20 | 000,061,440 | ---- | C] () -- C:\Windows\diabswun.exe [2012.05.31 22:08:19 | 000,000,640 | ---- | C] () -- C:\Users\xxx\Desktop\Notepad++.lnk [2012.05.30 12:43:52 | 000,001,094 | ---- | C] () -- C:\Users\xxx\Desktop\kopf_krieger.xml [2012.05.26 23:02:50 | 000,001,014 | ---- | C] () -- C:\Users\xxx\Desktop\SpeedFan.lnk [2012.05.26 23:02:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.05.26 22:40:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2012.05.11 20:12:26 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.05.08 20:15:57 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2012.05.05 20:47:24 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat [2012.05.05 14:40:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\@ [2012.05.05 13:37:33 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:25:58 | 000,058,880 | 
---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.07.26 16:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.06.13 11:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft [2012.05.05 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2012.06.04 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.06.04 20:53:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.06 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON [2012.05.22 20:28:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios [2012.05.30 12:43:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++ [2012.06.13 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Simply Super Software [2012.06.13 11:33:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software [2012.05.22 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SPORE [2012.06.10 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.10 18:58:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft [2012.05.08 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer [2012.06.13 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\XnView [2009.07.14 07:08:49 | 000,019,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Und die Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.06.2012 14:01:05 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads 64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,14 Gb Available Physical Memory | 64,96% Memory free 15,83 Gb Paging File | 12,63 Gb Available in Paging File | 79,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,79 Gb Total Space | 40,61 Gb Free Space | 46,25% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 47,17 Gb Free Space | 96,61% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS Drive F: | 98,96 Gb Total Space | 75,35 Gb Free Space | 76,15% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- E:\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.47 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.47 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Canon SELPHY CP760" = Canon SELPHY CP760 "EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9B92288B-5DC5-74A2-5E76-C4DE4864B76E}" = Warner Bros. Digital Copy Manager "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live 
Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF7CBA18-9222-11DC-AEA9-6FAA56D89593}" = SimCity™ Societies Demo "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AmUStor" = Alcor Micro USB Card Reader "Any Video Converter_is1" = Any Video Converter 3.3.9 "ArtMoney SE_is1" = ArtMoney SE v7.38 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player 
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager "dcmsvc_is1" = dcmsvc 1.0 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt "EPSON Scanner" = EPSON Scan "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4 "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenTTD" = OpenTTD 1.2.0${APPV_EXTRA} "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "SADK" = Die Siedler - Aufbruch der Kulturen "SpeedFan" = SpeedFan (remove only) "Trojan Remover_is1" = Trojan Remover 6.8.3 "WinAce Archiver" = WinAce Archiver "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.05.2012 08:31:33 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 19.0.1084.52 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1780 Startzeit: 01cd3f26dc535c31 Endzeit: 7 Anwendungspfad: C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe Berichts-ID: 89e3098f-ab1c-11e1-a5bd-c860001d60ce Error - 02.06.2012 10:51:21 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0x01cd40cf1b7a6dd1 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: 6a572fb4-acc2-11e1-84f0-c860001d60ce Error - 05.06.2012 11:03:51 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xaa0 Startzeit der fehlerhaften Anwendung: 0x01cd432c5f20fffc Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: a8b2a6dd-af1f-11e1-afd1-c860001d60ce Error - 10.06.2012 14:14:27 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x15c8 Startzeit der fehlerhaften Anwendung: 
0x01cd4734708e9c26 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 1d0d4033-b328-11e1-9910-c860001d60ce Error - 10.06.2012 14:16:37 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.4755.1000, Zeitstempel: 0x4b989df1 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bc21 ID des fehlerhaften Prozesses: 0x13b8 Startzeit der fehlerhaften Anwendung: 0x01cd4735232de464 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 6a6a8fe4-b328-11e1-9910-c860001d60ce Error - 10.06.2012 15:07:46 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0, Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften Prozesses: 0xf8c Startzeit der fehlerhaften Anwendung: 0x01cd473c51328cf7 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8fcf82d3-b32f-11e1-9910-c860001d60ce Error - 10.06.2012 15:08:06 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MT-eXperience.exe, Version: 0.0.0.0, Zeitstempel: 0x48384665 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0077e853 ID des fehlerhaften Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 
0x01cd473c5dd30a13 Pfad der fehlerhaften Anwendung: E:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 9b86b914-b32f-11e1-9910-c860001d60ce Error - 13.06.2012 06:44:11 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7 Name des fehlerhaften Moduls: nvdxgiwrapx.dll, Version: 8.17.12.9047, Zeitstempel: 0x4ee4e503 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00000000000012dd ID des fehlerhaften Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01cd49516980454f Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll Berichtskennung: b565529a-b544-11e1-86bb-c860001d60ce Error - 13.06.2012 07:59:55 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses: 0x94 Startzeit der fehlerhaften Anwendung: 0x01cd495c09836c43 Pfad der fehlerhaften Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 49a6073b-b54f-11e1-b544-c860001d60ce Error - 13.06.2012 08:00:15 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.48.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020f47 ID des fehlerhaften Prozesses: 0x6b4 Startzeit der fehlerhaften Anwendung: 0x01cd495c178d2225 Pfad der fehlerhaften Anwendung: C:\Users\xxx\Downloads\OTL.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 
55aa2339-b54f-11e1-b544-c860001d60ce [ System Events ] Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 13.06.2012 06:43:20 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 13.06.2012 06:44:09 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 13.06.2012 07:15:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 13.06.2012 07:15:42 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891
Error - 13.06.2012 07:16:39 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
< End of report >

Of course I forgot something. The Antivir log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 13. Juni 2012 13:24
Es wird nach 3831809 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRISTIAN-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 13.06.2012 10:16:02
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:15:51
VBASE006.VDF : 7.11.29.137 2048 Bytes
10.05.2012 10:15:51 VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:15:51 VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:15:52 VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:15:52 VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:15:52 VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:15:52 VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:15:52 VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:15:52 VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 10:15:52 VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 10:15:53 VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 10:15:53 VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 10:15:53 VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 10:15:54 VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 10:15:54 VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 10:15:54 VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 10:15:55 VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 10:15:55 VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 10:15:55 VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 10:15:56 VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 10:15:56 VBASE026.VDF : 7.11.32.172 2048 Bytes 12.06.2012 10:15:56 VBASE027.VDF : 7.11.32.173 2048 Bytes 12.06.2012 10:15:56 VBASE028.VDF : 7.11.32.174 2048 Bytes 12.06.2012 10:15:56 VBASE029.VDF : 7.11.32.175 2048 Bytes 12.06.2012 10:15:56 VBASE030.VDF : 7.11.32.176 2048 Bytes 12.06.2012 10:15:56 VBASE031.VDF : 7.11.32.190 26112 Bytes 13.06.2012 10:15:56 Engineversion : 8.2.10.80 AEVDF.DLL : 8.1.2.8 106867 Bytes 13.06.2012 10:16:01 AESCRIPT.DLL : 8.1.4.24 450939 Bytes 13.06.2012 10:16:01 AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36 AESBX.DLL : 8.2.5.10 606580 Bytes 13.06.2012 10:16:02 AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32 AEPACK.DLL : 8.2.16.16 807288 Bytes 13.06.2012 10:16:01 AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 16:41:32 AEHEUR.DLL : 8.1.4.36 4874615 Bytes 13.06.2012 10:16:00 AEHELP.DLL : 8.1.21.0 254326 Bytes 13.06.2012 
10:15:57 AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 16:41:31 AEEXP.DLL : 8.1.0.44 82293 Bytes 13.06.2012 10:16:02 AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29 AECORE.DLL : 8.1.25.10 201080 Bytes 13.06.2012 10:15:57 AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28 AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21 AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31 AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35 AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49 SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02 AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35 NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51 RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd8765b\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Mittwoch, 13. 
Juni 2012 13:24 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RivaTuner.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dcmsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SonicFocusTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht Durchsuche 
Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@' C:\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e7d746.qua' verschoben! Ende des Suchlaufs: Mittwoch, 13. Juni 2012 13:25 Benötigte Zeit: 01:02 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 36 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 35 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 1 Hinweise
Malware finds nothing. Hopefully you can help me without my having to reinstall my system. Last edited by Sueppi (13.06.2012 at 13:28) |
13.06.2012, 14:04 | #2 |
| TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@
Hi,
Rootkit... Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch the antivirus solution off completely, so that it does NOT turn itself back on after a reboot either! Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter. The Combofix scan can take some time, so be patient. Please do not do anything on the computer during the scan. It is possible that the computer restarts in between. When the scan finishes a report (ComboFix.txt) is shown; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt... chris PS: If CF does not run, try it in Safe Mode (press F8 while booting)
Last edited by Chris4You (13.06.2012 at 14:19) |
13.06.2012, 14:42 | #3 |
| TR/ATRAPS.GEN2 found in C:/Windows/Installer/xxx/800000.32@
So, Combofix has now been run in Safe Mode.
Here is the log file. Combofix Logfile: Code:
ComboFix 12-06-13.01 - xxx 13.06.2012 15:28:37.1.8 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8104.6728 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\invokesi.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\00000004.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\L\201d3dde c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000004.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\000000cb.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000000.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000032.@ c:\windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\80000064.@ . Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-13 bis 2012-06-13 )))))))))))))))))))))))))))))) . . 2012-06-13 13:33 . 2012-06-13 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-13 13:33 . 2012-06-13 13:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-13 10:25 . 2012-06-13 10:25 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2012-06-13 10:25 . 
2012-06-13 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-13 10:25 . 2012-06-13 10:25 -------- d-----w- c:\programdata\Malwarebytes 2012-06-13 10:25 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 10:14 . 2012-06-13 10:14 -------- d-----w- c:\users\xxx\AppData\Local\APN 2012-06-13 10:14 . 2012-06-13 13:13 -------- d-----w- c:\programdata\Avira 2012-06-13 10:12 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2012-06-13 10:12 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\program files (x86)\Trojan Remover 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\users\xxx\AppData\Roaming\Simply Super Software 2012-06-13 10:12 . 2012-06-13 10:12 -------- d-----w- c:\programdata\Simply Super Software 2012-06-13 10:04 . 2012-06-13 10:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-06-13 09:51 . 2012-06-13 09:51 -------- d-----w- c:\users\xxx\AppData\Roaming\AnvSoft 2012-06-13 09:51 . 2012-06-13 09:51 -------- d-----w- c:\program files (x86)\AnvSoft 2012-06-13 09:46 . 2012-06-13 09:46 -------- d-----w- c:\users\xxx\AppData\Local\4Videosoft Studio 2012-06-13 09:37 . 2012-06-13 09:37 -------- d-----w- c:\users\xxx\AppData\Local\Aiseesoft Studio 2012-06-13 09:34 . 2012-06-13 09:46 -------- d-----w- c:\users\xxx\AppData\Roaming\XnView 2012-06-13 09:33 . 2012-06-13 09:33 -------- d-----w- c:\users\xxx\AppData\Roaming\SpiritON TV Software 2012-06-13 09:09 . 2003-01-06 11:13 57344 ----a-w- C:\h2format.exe 2012-06-12 19:42 . 2012-06-12 19:43 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2012-06-12 19:38 . 2012-06-12 19:38 -------- d-----w- c:\users\xxx\AppData\Local\GPUMonitor 2012-06-12 10:22 . 
2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49AAE345-83CC-475B-9C74-D7DBC6F14103}\mpengine.dll 2012-06-11 10:42 . 2012-06-11 10:42 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-06-10 18:40 . 2012-06-13 11:47 -------- d-----w- c:\windows\AutoKMS 2012-06-10 17:55 . 2012-06-10 17:55 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2012-06-10 17:55 . 2012-06-10 17:55 -------- d-----w- c:\windows\PCHEALTH 2012-06-10 17:52 . 2012-06-10 17:52 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-06-10 17:52 . 2012-06-10 17:52 -------- d-----r- C:\MSOCache 2012-06-10 16:28 . 2012-06-10 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-06-10 16:28 . 2012-06-10 16:28 -------- d-----w- c:\users\xxx\AppData\Roaming\Adobe Mini Bridge CS5 2012-06-10 13:52 . 2012-06-10 13:52 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-06-10 13:52 . 2012-06-10 13:52 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-06-10 12:01 . 2012-06-10 12:01 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-10 12:01 . 2012-06-10 12:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-10 12:00 . 2012-06-10 12:00 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-10 11:04 . 2012-06-10 12:43 -------- d-----w- c:\users\xxx\AppData\Roaming\DVD Shrink 2012-06-10 11:00 . 2012-06-10 11:00 -------- d-----w- c:\programdata\DVD Shrink 2012-06-10 10:44 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-10 09:25 . 2012-06-10 09:25 -------- d-----w- c:\users\xxx\AppData\Local\Nero 2012-06-10 09:22 . 
2012-06-10 09:22 -------- d-----w- c:\users\xxx\AppData\Roaming\Nero 2012-06-10 09:22 . 2012-06-10 09:22 -------- d-----w- c:\program files (x86)\Nero 2012-06-10 09:11 . 2012-06-10 09:22 -------- d-----w- c:\programdata\Nero 2012-06-10 09:10 . 2012-06-10 09:11 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-06-09 13:50 . 2012-06-09 13:50 86528 ----a-w- c:\windows\bnetunin.exe 2012-06-09 13:50 . 2012-06-09 13:50 61440 ----a-w- c:\windows\diabswun.exe 2012-06-09 13:47 . 2012-06-09 13:47 -------- d--h--w- c:\programdata\Common Files 2012-06-04 18:50 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll 2012-06-04 18:50 . 2012-04-18 11:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-04 18:50 . 2012-06-04 18:53 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-06-04 18:50 . 2012-03-06 13:43 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll 2012-06-04 18:50 . 2012-03-06 13:43 772248 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-04 18:50 . 2012-03-06 13:43 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll 2012-06-04 18:50 . 2012-03-06 13:43 419480 ----a-w- c:\windows\SysWow64\msvcp100.dll 2012-06-04 18:50 . 2012-03-06 13:43 136344 ----a-w- c:\windows\SysWow64\atl100.dll 2012-06-04 18:49 . 2012-06-04 18:53 -------- d-----w- c:\users\xxx\AppData\Roaming\DVDVideoSoft 2012-05-30 10:27 . 2012-05-30 10:43 -------- d-----w- c:\users\xxx\AppData\Roaming\Notepad++ 2012-05-29 11:32 . 2012-05-29 11:32 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-05-29 11:30 . 2012-05-29 11:30 -------- d-----w- c:\programdata\Battle.net 2012-05-27 22:43 . 2012-05-27 22:43 -------- d-----w- c:\program files\Speccy 2012-05-26 21:22 . 2012-05-26 21:22 -------- d-----w- c:\program files (x86)\Lavalys 2012-05-26 21:02 . 2012-06-12 20:10 -------- d-----w- c:\program files (x86)\SpeedFan 2012-05-26 20:14 . 2012-05-26 20:17 -------- d-----w- c:\users\xxx\AppData\Local\Ubisoft Game Launcher 2012-05-26 20:13 . 
2012-06-10 16:43 -------- d-----w- c:\programdata\Solidshield 2012-05-22 18:28 . 2012-05-22 18:28 -------- d-----w- c:\users\xxx\AppData\Roaming\Lionhead Studios 2012-05-22 10:13 . 2012-05-22 10:13 -------- d-sh--w- c:\windows\ftpcache 2012-05-22 10:09 . 2012-05-22 10:10 -------- d-----w- c:\users\xxx\AppData\Roaming\SPORE 2012-05-22 10:08 . 2012-05-22 10:08 -------- d-----w- c:\programdata\Lionhead Studios 2012-05-22 09:42 . 2012-05-23 14:49 -------- d-----w- c:\users\xxx\AppData\Local\SAdK 2012-05-22 09:28 . 2012-05-22 09:28 -------- d-----w- c:\windows\SysWow64\AGEIA 2012-05-22 09:28 . 2012-05-22 09:28 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-05-22 09:27 . 2012-05-22 09:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-13 09:46 . 2012-05-05 11:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-13 09:46 . 2012-05-05 11:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 19:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-05-05 19:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-05-05 14:20 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-05 14:19 . 2012-05-05 14:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-05 14:19 . 2012-05-05 14:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-05 14:19 . 2012-05-05 14:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-05 14:19 . 2012-05-05 14:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-05 14:19 . 2012-05-05 14:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-05 14:19 . 2012-05-05 14:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-05 14:19 . 2012-05-05 14:19 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-05 14:19 . 
2012-05-05 14:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-05 14:19 . 2012-05-05 14:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-05 14:19 . 2012-05-05 14:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-05 14:19 . 2012-05-05 14:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-05 14:19 . 2012-05-05 14:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-05 14:19 . 2012-05-05 14:19 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-05 14:19 . 2012-05-05 14:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-05 14:19 . 2012-05-05 14:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-05 14:19 . 2012-05-05 14:19 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-05 14:19 . 2012-05-05 14:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-05 14:19 . 2012-05-05 14:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-05 14:19 . 2012-05-05 14:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-05-05 14:19 . 2012-05-05 14:19 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-05 14:19 . 2012-05-05 14:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-05 14:19 . 2012-05-05 14:19 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-05 14:19 . 2012-05-05 14:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-05 14:19 . 2012-05-05 14:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-05 14:19 . 2012-05-05 14:19 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-05 14:19 . 2012-05-05 14:19 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-05 14:19 . 2012-05-05 14:19 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-05 14:19 . 2012-05-05 14:19 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-05 14:19 . 2012-05-05 14:19 448512 ----a-w- c:\windows\system32\html.iec 2012-05-05 14:19 . 2012-05-05 14:19 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-05 14:19 . 
2012-05-05 14:19 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-05 14:19 . 2012-05-05 14:19 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-05 14:19 . 2012-05-05 14:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-05 14:19 . 2012-05-05 14:19 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-05 12:19 . 2010-08-24 15:55 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys 2012-05-05 12:00 . 2012-05-05 12:00 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-05 12:00 . 2012-05-05 12:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-05 11:43 . 2012-05-05 11:43 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{521EF502-5B37-4067-A03C-27780A2D450A}\gapaengine.dll 2012-04-13 12:17 . 2012-04-13 12:17 16128 ----a-w- c:\windows\system32\drivers\TurboB.sys 2012-03-31 06:05 . 2012-05-12 17:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-12 17:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-12 17:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-12 17:50 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-12 17:47 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe 2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe 2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe 2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe 2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2012-03-19 21:44 . 
2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe 2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe 2012-03-19 21:44 . 2012-03-19 21:44 170264 ----a-w- c:\windows\system32\igfxtray.exe 2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll 2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2012-03-19 21:31 . 2011-07-26 14:22 8087040 ----a-w- c:\windows\system32\igdumd64.dll 2012-03-19 21:31 . 2012-03-19 21:31 963912 ----a-w- c:\windows\system32\igkrng600.bin 2012-03-19 21:31 . 2012-03-19 21:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin 2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll 2012-03-19 21:26 . 2012-03-19 21:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll 2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll 2012-03-19 21:22 . 2011-07-26 14:09 9605632 ----a-w- c:\windows\system32\igd10umd64.dll 2012-03-19 21:11 . 2012-03-19 21:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll 2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2012-03-19 20:18 . 
2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc 2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-4-13 207360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-12 2348864] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files 
(x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-06-12 19952] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-04-13 149504] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job - c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 14:11] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job - c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 14:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-18 13370472] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47&v=11.1.0.7&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - f:\micros~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 81.173.194.69 81.173.194.77 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-MsMpSvc WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3201743549-792140521-1694852398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-3201743549-792140521-1694852398-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-06-13 15:38:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-13 13:38 . Vor Suchlauf: 8 Verzeichnis(se), 44.388.012.032 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 46.606.802.944 Bytes frei . - - End Of File - - D582B8748B09BF2AE01AB5E306898906 |
13.06.2012, 15:25 | #4 |
| Hi, please run a full scan with Avira... CureIt: follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, roughly over 5 MB of text. Just search for "infiziert" (infected) and copy out the relevant parts before you post them. chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
13.06.2012, 18:13 | #5 |
| So, the next step is done. Here is the log, or rather only the parts that were found infected. ----------------------------------------------------------------------------- Scanstatistiken ----------------------------------------------------------------------------- Gescannt: 394649 Infiziert: 2 Modifikationen: 0 Verdächtig: 0 Adware: 0 Dialer: 0 Scherzprogramme: 0 Riskware: 0 Hacktools: 1 Desinfiziert: 0 Gelöscht: 1 Umbenannt: 0 Verschoben: 1 Ignoriert: 0 Geschwindigkeit:: 468 Kb/s Dauer:: 2:20:52 ----------------------------------------------------------------------------- C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U\00000008.@.vir - gelöscht ============================================================================= Gesamtsitzungsstatistik ============================================================================= Gescannt: 395774 Infiziert: 3 Modifikationen: 0 Verdächtig: 0 Adware: 0 Dialer: 0 Scherzprogramme: 0 Riskware: 0 Hacktools: 1 Desinfiziert: 0 Gelöscht: 3 Umbenannt: 0 Verschoben: 1 Ignoriert: 0 Geschwindigkeit:: 47 Kb/s Dauer:: 2:21:44 Here again the file described in the guide. DrWeb.txt dcmsvc.exe;c:\program files (x86)\dcmsvc;Trojan.DownLoader4.24087;Gelöscht.; OTL.exe;C:\Documents and Settings\xxx\Downloads;Trojan.Siggen4.4395;Nicht desinfizierbar.Verschoben.; 00000008.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;Tool.BtcMine.26;; 80000032.@.vir;C:\Qoobox\Quarantine\C\Windows\Installer\{31b8a514-edf3-0071-d9e3-d21f86d249a6}\U;BackDoor.Maxplus.5209;Gelöscht.; Last edited by Sueppi (13.06.2012 at 18:22) |
14.06.2012, 06:52 | #6 |
| Hi, looks good... Finally, post a new OTL log, and TDSS-Killer: download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family? Extract all files into a separate directory (e.g. C:\TDSS)! Launch it via Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows: Then start the scan with (Start Scan). When the scan is finished, please select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here... chris
14.06.2012, 11:39 | #7 |
| Morning. I've now run OTL and TDSS. But OTL only gives me one file now. OTL.txt OTL Logfile: Code:
OTL logfile created on: 14.06.2012 12:29:37 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\xxx\Downloads 64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 68,37% Memory free 15,83 Gb Paging File | 13,20 Gb Available in Paging File | 83,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,79 Gb Total Space | 36,64 Gb Free Space | 41,73% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 47,04 Gb Free Space | 96,33% Space Free | Partition Type: NTFS Drive E: | 146,48 Gb Total Space | 111,37 Gb Free Space | 76,03% Space Free | Partition Type: NTFS Drive F: | 98,96 Gb Total Space | 74,33 Gb Free Space | 75,11% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 12:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.10.18 18:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.10.03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.13 14:17:52 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.12 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2011.01.12 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.10 15:52:37 
| 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.05 14:19:59 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.13 14:17:10 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 12:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.12.12 03:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.10.03 23:49:32 | 002,770,944 
| ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.18 13:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.06.12 21:43:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 44 77 6A 9A 2F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C029863-5A9E-4C1A-BFB0-841706C2F7CB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL CHR - Extension: TV = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Kingdom Rush = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YoWindow Wetter = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.30_0\ CHR - Extension: Super Mario World = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkihmbmfokomgcblenhedokepnlhjpmb\2.5_0\ CHR - Extension: Windows Media Player Extension for HTML5 = 
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Super Mario Bros = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\3.6_0\ CHR - Extension: Google Maps = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\ CHR - Extension: Facebook Notifications = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.13 15:34:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [EPSON SX430 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_S2DA5.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629DB53C-63F7-4B12-B094-804005A1F68A}: DhcpNameServer = 81.173.194.69 81.173.194.77
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 12:22:36 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.06.13 20:05:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics
[2012.06.13 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2012.06.13 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.13 19:58:29 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.13 19:58:29 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.13 19:58:29 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.13 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.13 19:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.13 19:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.06.13 19:23:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Project-X_0.91.0
[2012.06.13 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\DoctorWeb
[2012.06.13 15:39:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.13 15:38:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.13 15:27:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.13 15:27:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.13 15:27:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.13 15:14:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.13 15:14:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.13 15:06:21 | 004,556,459 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe
[2012.06.13 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.06.13 12:25:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN
[2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.13 12:12:24 | 000,000,000 | ---D | C] -- D:\Simply Super Software
[2012.06.13 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Simply Super Software
[2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.06.13 12:04:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.06.13 11:52:01 | 000,000,000 | ---D | C] -- D:\Any Video Converter
[2012.06.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2012.06.13 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012.06.13 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012.06.13 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\4Videosoft Studio
[2012.06.13 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Aiseesoft Studio
[2012.06.13 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\XnView
[2012.06.13 11:33:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software
[2012.06.13 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{37851551-6739-4DBF-B6B0-DD21A168148B}
[2012.06.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EE9D0652-F572-4129-AF8A-DE6AB63E35CF}
[2012.06.12 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012.06.12 21:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012.06.12 21:38:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\GPUMonitor
[2012.06.11 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.06.10 21:52:45 | 000,000,000 | ---D | C] -- D:\ANNO 1404 Venedig
[2012.06.10 21:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2012.06.10 20:49:22 | 000,000,000 | ---D | C] -- D:\Nero
[2012.06.10 20:40:30 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.06.10 19:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.06.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.10 19:55:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.10 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.10 19:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.06.10 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.06.10 19:52:13 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.10 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5
[2012.06.10 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Nero
[2012.06.10 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVD Shrink
[2012.06.10 13:03:42 | 000,260,678 | ---- | C] (DVD Shrink) -- C:\Users\xxx\Desktop\DVD Shrink 2.3 German.exe
[2012.06.10 13:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.06.10 12:59:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero_AG
[2012.06.10 12:32:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.10 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Nero
[2012.06.10 11:23:16 | 000,000,000 | ---D | C] -- D:\NeroVision
[2012.06.10 11:22:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nero
[2012.06.10 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.06.10 11:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.10 11:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.06.10 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.06.10 11:01:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D1CE5C5E-77EA-4B62-B84E-E366858D7507}
[2012.06.10 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{41116FC5-4735-4D5A-8294-A8672442D885}
[2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.06.09 15:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.06.09 15:47:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.09 11:07:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0306ADCF-9557-4830-9CE5-0DC49742F585}
[2012.06.09 11:07:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1055FC-E5E4-43DC-AE51-1D4DF10A0BB4}
[2012.06.06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EF90D0BF-87AC-4F72-83DC-AF927ED949B0}
[2012.06.06 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7D3951A8-AD42-4AC1-9EEA-CC31720DB4D2}
[2012.06.05 08:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F0F04F5-6EC1-4A76-BA41-EF197765B7A2}
[2012.06.05 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6E0AEF98-4DDB-4491-A14B-8FC0F97D6131}
[2012.06.04 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.04 20:50:39 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.06.04 20:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.06.04 20:50:36 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.06.04 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.06.04 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.06.04 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3313889D-BE15-4A6D-B0BA-1EB349481239}
[2012.06.04 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72BA3D97-00D8-4BB4-B4A6-296E8711700D}
[2012.06.03 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8E0123CF-4C2A-4C05-A8E5-CBFE4C9DDE4C}
[2012.06.03 13:06:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB7927F3-437F-46A9-B20F-9066CF07E8E2}
[2012.06.02 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{72EAC6AC-40C3-4A06-844C-921B0E9D12D2}
[2012.06.02 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BDD0EB14-5C21-47FD-80A4-D095C6D1A6D3}
[2012.06.01 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F7FBEF0E-C968-461E-A24B-ADF5FE67A59B}
[2012.06.01 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D52D7AD4-509B-4F38-A716-9A1B7A077EAC}
[2012.05.31 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C64387C-7727-4849-A399-49576C121E7D}
[2012.05.31 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{642A039C-DE65-4AB5-9A89-B3AF62E594A6}
[2012.05.31 11:59:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2AA8047C-617A-4098-BE0A-B61CBAD1F7DB}
[2012.05.31 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4706BB82-F7B8-44B2-BBF3-41EA9689A5EB}
[2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.05.30 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.05.30 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2012.05.30 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3ADB0DAF-1354-4D98-805F-3342CD9C7E37}
[2012.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F2CE015-9514-4467-A7A5-2150B96DDCD7}
[2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- D:\Diablo III
[2012.05.29 13:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.29 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.29 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C4C05D51-1515-4E5C-A98A-33BFCFBC3B15}
[2012.05.29 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C251031-8995-4C31-93FA-867A344F8319}
[2012.05.28 20:44:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{303281CF-A4DE-4CA9-B157-1071A8B958CB}
[2012.05.28 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0964C69F-B618-4208-B255-9560C58A875F}
[2012.05.28 00:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012.05.28 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012.05.27 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{32323149-A646-435F-B5B8-8DB87EF167B6}
[2012.05.27 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{46A6EB67-451D-409B-87D9-BEAD70E1C4FA}
[2012.05.26 23:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.26 23:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.26 23:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.05.26 22:38:07 | 000,000,000 | ---D | C] -- D:\Settlers7
[2012.05.26 22:21:51 | 000,000,000 | ---D | C] -- D:\ANNO 2070
[2012.05.26 22:14:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ubisoft Game Launcher
[2012.05.26 22:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.05.26 21:48:46 | 000,000,000 | ---D | C] -- D:\OpenTTD
[2012.05.26 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{937E7C9C-75E5-4583-9626-266359BBD2AA}
[2012.05.26 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{12473144-2A72-4811-96AE-F33B6AAB1C7C}
[2012.05.25 23:20:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{23FE6624-96C9-4C5B-9478-2C484768E26C}
[2012.05.25 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4555DB9B-C99C-48F1-B402-3127DF50C6E3}
[2012.05.24 21:36:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F1D9F76-E47D-492D-AEB4-FAB0DF1A81D1}
[2012.05.24 21:36:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CCD1693C-DCA1-4A27-AF86-2F4E666B5154}
[2012.05.23 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- D:\The Movies
[2012.05.22 20:28:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios
[2012.05.22 20:28:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.05.22 12:13:46 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012.05.22 12:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies
[2012.05.22 12:10:00 | 000,000,000 | ---D | C] -- D:\MeinSpore-Kreationen
[2012.05.22 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SPORE
[2012.05.22 12:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios
[2012.05.22 11:42:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SAdK
[2012.05.22 11:42:07 | 000,000,000 | ---D | C] -- D:\SAdK
[2012.05.22 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.22 11:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAce
[2012.05.22 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.22 11:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.05.22 11:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.05.22 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.05.22 11:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.05.22 10:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2012.05.22 10:02:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8A6BDC49-5067-4816-B4DD-E745E665F123}
[2012.05.22 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{15E5F896-0511-4990-8EAE-61EF0B66A296}
[2012.05.21 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9C33E8C4-2CD3-4873-B2BF-41AE94995EF2}
[2012.05.21 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A7CEE673-4B79-4994-926A-F50F23ADBCC2}
[2012.05.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F269E48E-0CC5-4ECE-BA62-21552B710E96}
[2012.05.20 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{064CB7A5-1AAF-449A-96C2-ACEC300B881C}
[2012.05.19 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3FBB5CC1-7068-452C-BBBD-068DE77864C6}
[2012.05.19 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C1D0F75-AD7D-4E37-A26A-39C14039CF5E}
[2012.05.18 12:59:51 | 000,000,000 | ---D | C] -- D:\Prüfung
[2012.05.18 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C2AEBA9-0AA4-492A-9678-146520DDF3FA}
[2012.05.18 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8D7DF2FD-C632-4D09-BF24-99EC008AABD4}
[2012.05.16 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{38B432B8-2EF4-4733-A74F-9BA5549CFDA2}
[2012.05.15 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0F7A5EAD-AA95-4F9C-8F32-E7CD498930FE}
[2012.05.15 21:29:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C1E3F48D-22FF-44DA-A490-35E42D82AC7C}

========== Files - Modified Within 30 Days ==========

[2012.06.14 12:24:24 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 12:24:24 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 12:16:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 12:16:33 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 20:45:34 | 000,036,892 | ---- | M] () -- C:\Windows\SysWow64\bassmod.dll
[2012.06.13 20:16:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000UA.job
[2012.06.13 19:58:42 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.13 19:30:55 | 2204,950,480 | ---- | M] () -- C:\Users\xxx\Desktop\R_0001[remux].ts
[2012.06.13 19:29:10 | 082,830,528 | ---- | M] () -- C:\Users\xxx\Desktop\R_0001.mp2
[2012.06.13 19:29:08 | 165,660,672 | ---- | M] () -- C:\Users\xxx\Desktop\R_0001.ac3
[2012.06.13 19:29:05 | 1839,685,232 | ---- | M] () -- C:\Users\xxx\Desktop\R_0001.m2v
[2012.06.13 19:20:36 | 2146,893,824 | ---- | M] () -- C:\Users\xxx\Desktop\R_0001.trp
[2012.06.13 16:31:29 | 087,010,728 | ---- | M] () -- C:\Users\xxx\Desktop\drweb-cureit.exe
[2012.06.13 16:16:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201743549-792140521-1694852398-1000Core.job
[2012.06.13 15:34:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.13 15:26:47 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.13 15:06:29 | 004,556,459 | R--- | M] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe
[2012.06.13 13:59:11 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.06.13 12:25:59 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 11:51:43 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk
[2012.06.13 11:32:01 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 11:32:01 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 11:32:01 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 11:32:01 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 11:32:01 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 21:48:17 | 000,000,412 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.12 13:40:46 | 000,043,740 | ---- | M] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml
[2012.06.12 12:18:09 | 000,002,429 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.06.11 09:05:01 | 004,897,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 21:07:41 | 000,001,077 | ---- | M] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk
[2012.06.10 15:52:37 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.10 15:52:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.06.10 15:09:29 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk
[2012.06.10 12:04:49 | 000,001,037 | ---- | M] () -- D:\hosts
[2012.06.09 15:50:20 | 000,086,528 | ---- | M] () -- C:\Windows\bnetunin.exe
[2012.06.09 15:50:20 | 000,061,440 | ---- | M] () -- C:\Windows\diabswun.exe
[2012.05.31 22:08:19 | 000,000,640 | ---- | M] () -- C:\Users\xxx\Desktop\Notepad++.lnk
[2012.05.30 12:38:29 | 000,001,094 | ---- | M] () -- C:\Users\xxx\Desktop\kopf_krieger.xml
[2012.05.26 23:02:50 | 000,001,014 | ---- | M] () -- C:\Users\xxx\Desktop\SpeedFan.lnk
[2012.05.26 23:02:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

========== Files Created - No Company Name ==========

[2012.06.13 19:58:42 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.13 19:29:15 | 2204,950,480 | ---- | C] () -- C:\Users\xxx\Desktop\R_0001[remux].ts
[2012.06.13 19:29:05 | 165,660,672 | ---- | C] () -- C:\Users\xxx\Desktop\R_0001.ac3
[2012.06.13 19:29:05 | 082,830,528 | ---- | C] () -- C:\Users\xxx\Desktop\R_0001.mp2
[2012.06.13 19:27:38 | 1839,685,232 | ---- | C] () -- C:\Users\xxx\Desktop\R_0001.m2v
[2012.06.13 19:19:31 | 2146,893,824 | ---- | C] () -- C:\Users\xxx\Desktop\R_0001.trp
[2012.06.13 16:28:00 | 087,010,728 | ---- | C] () -- C:\Users\xxx\Desktop\drweb-cureit.exe
[2012.06.13 15:27:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.13 15:27:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.13 15:27:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.13 15:27:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.13 15:27:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.13 13:59:11 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.06.13 12:25:11 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 12:12:21 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.06.13 12:12:21 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.06.13 11:51:43 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\Any Video Converter.lnk
[2012.06.13 11:09:36 | 000,057,344 | ---- | C] () -- C:\h2format.exe
[2012.06.12 21:48:17 | 000,000,412 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.12 12:14:38 | 000,043,740 | ---- | C] () -- C:\Users\xxx\Desktop\Beine-Krieger-3105.xml
[2012.06.10 21:07:41 | 000,001,077 | ---- | C] () -- C:\Users\xxx\Desktop\MegaTrainer eXperience.lnk
[2012.06.10 15:52:37 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.10 15:52:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.06.10 15:09:29 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\The Movies Stunts & Spezialeffekte.lnk
[2012.06.10 12:04:32 | 000,001,037 | ---- | C] () -- D:\hosts
[2012.06.09 15:50:20 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.06.09 15:50:20 | 000,061,440 | ---- | C] () -- C:\Windows\diabswun.exe
[2012.05.31 22:08:19 | 000,000,640 | ---- | C] () -- C:\Users\xxx\Desktop\Notepad++.lnk
[2012.05.30 12:43:52 | 000,001,094 | ---- | C] () -- C:\Users\xxx\Desktop\kopf_krieger.xml
[2012.05.26 23:02:50 | 000,001,014 | ---- | C] () -- C:\Users\xxx\Desktop\SpeedFan.lnk
[2012.05.26 23:02:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.05.26 22:40:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.05.11 20:12:26 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.05.08 20:15:57 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.05.05 20:47:24 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012.05.05 13:37:33 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.26 16:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012.06.13 11:51:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2012.05.05 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.06.04 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.06.04 20:53:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.06 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON
[2012.05.22 20:28:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lionhead Studios
[2012.05.30 12:43:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2012.06.13 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Simply Super Software
[2012.06.13 11:33:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software
[2012.05.22 12:10:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SPORE
[2012.06.10 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.06.10 18:58:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2012.05.08 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.06.13 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\XnView
[2009.07.14 07:08:49 | 000,021,294 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

And here is the one from TDSS:

12:34:40.0273 0816 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:34:40.0351 0816 ============================================================
12:34:40.0351 0816 Current date / time: 2012/06/14 12:34:40.0351
12:34:40.0351 0816 SystemInfo:
12:34:40.0351 0816
12:34:40.0351 0816 OS Version: 6.1.7601 ServicePack: 1.0
12:34:40.0351 0816 Product type: Workstation
12:34:40.0351 0816 ComputerName: xxx-PC
12:34:40.0351 0816 UserName: xxx
12:34:40.0351 0816 Windows directory: C:\Windows
12:34:40.0351 0816 System windows directory: C:\Windows
12:34:40.0351 0816 Running under WOW64
12:34:40.0351 0816 Processor architecture: Intel x64
12:34:40.0351 0816 Number of processors: 8
12:34:40.0351 0816 Page size: 0x1000
12:34:40.0351 0816 Boot type: Normal boot
12:34:40.0351 0816 ============================================================
12:34:41.0459 0816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:34:41.0459 0816 ============================================================
12:34:41.0459 0816 \Device\Harddisk0\DR0:
12:34:41.0459 0816 MBR partitions:
12:34:41.0459 0816 Initialize success
12:34:41.0459 0816 ============================================================
12:34:48.0916 4652 ============================================================
12:34:48.0916 4652 Scan started
12:34:48.0916 4652 Mode: Manual; SigCheck; TDLFS;
12:34:48.0916 4652 ============================================================
12:34:49.0243 4652 1394ohci - ok
12:34:49.0243 4652 ACPI - ok
12:34:49.0259 4652 AcpiPmi - ok
12:34:49.0290 4652 AdobeARMservice - ok
12:34:49.0290 4652 adp94xx - ok
12:34:49.0306 4652 adpahci - ok
12:34:49.0306 4652 adpu320 - ok
12:34:49.0306 4652 AeLookupSvc - ok
12:34:49.0321 4652 AFD - ok
12:34:49.0321 4652 agp440 - ok
12:34:49.0321 4652 ALG - ok
12:34:49.0321 4652 aliide - ok
12:34:49.0321 4652 amdide - ok
12:34:49.0337 4652 AmdK8 - ok
12:34:49.0337 4652 AmdPPM - ok
12:34:49.0337 4652 amdsata - ok
12:34:49.0337 4652 amdsbs - ok
12:34:49.0337 4652 amdxata - ok
12:34:49.0353 4652 AmUStor - ok
12:34:49.0368 4652 AntiVirSchedulerService - ok
12:34:49.0384 4652 AntiVirService - ok
12:34:49.0399 4652 AppID - ok
12:34:49.0399 4652 AppIDSvc - ok
12:34:49.0415 4652 Appinfo - ok
12:34:49.0415 4652 arc - ok
12:34:49.0415 4652 arcsas - ok
12:34:49.0431 4652 ASLDRService - ok
12:34:49.0431 4652 ASMMAP64 - ok
12:34:49.0446 4652 AsyncMac - ok
12:34:49.0446 4652 atapi - ok
12:34:49.0462 4652 athr - ok
12:34:49.0462 4652 ATKGFNEXSrv - ok
12:34:49.0477 4652 atksgt - ok
12:34:49.0493 4652 ATKWMIACPIIO - ok
12:34:49.0509 4652 AudioEndpointBuilder - ok
12:34:49.0509 4652 AudioSrv - ok
12:34:49.0524 4652 avgntflt - ok
12:34:49.0524 4652 avipbb - ok
12:34:49.0524 4652 avkmgr - ok
12:34:49.0540 4652 AxInstSV - ok
12:34:49.0540 4652 b06bdrv - ok
12:34:49.0540 4652 b57nd60a - ok
12:34:49.0571 4652 BDESVC - ok
12:34:49.0571 4652 Beep - ok
12:34:49.0602 4652 BFE - ok
12:34:49.0602 4652 BITS - ok
12:34:49.0602 4652 blbdrive - ok
12:34:49.0602 4652 bowser - ok
12:34:49.0618 4652 BrFiltLo - ok
12:34:49.0618 4652 BrFiltUp - ok
12:34:49.0633 4652 BridgeMP - ok
12:34:49.0633 4652 Browser - ok
12:34:49.0633 4652 Brserid - ok
12:34:49.0633 4652 BrSerWdm - ok
12:34:49.0633 4652 BrUsbMdm - ok
12:34:49.0633 4652 BrUsbSer - ok
12:34:49.0649 4652 BTHMODEM - ok
12:34:49.0665 4652 bthserv - ok
12:34:49.0665 4652 catchme - ok
12:34:49.0665 4652 cdfs - ok
12:34:49.0665 4652 cdrom - ok
12:34:49.0680 4652 CertPropSvc - ok
12:34:49.0680 4652 circlass - ok
12:34:49.0680 4652 CLFS - ok
12:34:49.0696 4652 clr_optimization_v2.0.50727_32 - ok
12:34:49.0696 4652 clr_optimization_v2.0.50727_64 - ok
12:34:49.0711 4652 clr_optimization_v4.0.30319_32 - ok
12:34:49.0711 4652 clr_optimization_v4.0.30319_64 - ok
12:34:49.0711 4652 CmBatt - ok
12:34:49.0727 4652 cmdide - ok
12:34:49.0727 4652 CNG - ok
12:34:49.0727 4652 Compbatt - ok
12:34:49.0727 4652 CompositeBus - ok
12:34:49.0743 4652 COMSysApp - ok
12:34:49.0743 4652 cphs - ok
12:34:49.0743 4652 crcdisk - ok
12:34:49.0758 4652 CryptSvc - ok
12:34:49.0758 4652 DcomLaunch - ok
12:34:49.0758 4652 defragsvc - ok
12:34:49.0758 4652 DfsC - ok
12:34:49.0774 4652 Dhcp - ok
12:34:49.0774 4652 discache - ok
12:34:49.0774 4652 Disk - ok
12:34:49.0774 4652 Dnscache - ok
12:34:49.0774 4652 dot3svc - ok
12:34:49.0789 4652 DPS - ok
12:34:49.0789 4652 drmkaud - ok
12:34:49.0805 4652 DXGKrnl - ok
12:34:49.0805 4652 EapHost - ok
12:34:49.0805 4652 ebdrv - ok
12:34:49.0805 4652 EFS - ok
12:34:49.0805 4652 ehRecvr - ok
12:34:49.0805 4652 ehSched - ok
12:34:49.0805 4652 elxstor - ok
12:34:49.0821 4652 EPSON_EB_RPCV4_04 - ok
12:34:49.0821 4652 EPSON_PM_RPCV4_04 - ok
12:34:49.0821 4652 ErrDev - ok
12:34:49.0821 4652 EventSystem - ok
12:34:49.0836 4652 exfat - ok
12:34:49.0836 4652 fastfat - ok
12:34:49.0852 4652 Fax - ok
12:34:49.0852 4652 fdc - ok
12:34:49.0852 4652 fdPHost - ok
12:34:49.0852 4652 FDResPub - ok
12:34:49.0852 4652 FileInfo - ok
12:34:49.0852 4652 Filetrace - ok
12:34:49.0852 4652 flpydisk - ok
12:34:49.0852 4652 FltMgr - ok
12:34:49.0867 4652 FontCache - ok
12:34:49.0867 4652 FontCache3.0.0.0 - ok
12:34:49.0867 4652 FsDepends - ok
12:34:49.0867 4652 Fs_Rec - ok
12:34:49.0883 4652 fvevol - ok
12:34:49.0899 4652 gagp30kx - ok
12:34:49.0899 4652 gpsvc - ok
12:34:49.0899 4652 hcw85cir - ok
12:34:49.0899 4652 HdAudAddService - ok
12:34:49.0914 4652 HDAudBus - ok
12:34:49.0914 4652 HidBatt - ok
12:34:49.0914 4652 HidBth - ok
12:34:49.0914 4652 HidIr - ok
12:34:49.0914 4652 hidserv - ok
12:34:49.0930 4652 HidUsb - ok
12:34:49.0930 4652 hkmsvc - ok
12:34:49.0930 4652 HomeGroupListener - ok
12:34:49.0930 4652 HomeGroupProvider - ok
12:34:49.0945 4652 HpSAMD - ok
12:34:49.0945 4652 HTTP - ok
12:34:49.0945 4652 hwpolicy - ok
12:34:49.0945 4652 i8042prt - ok
12:34:49.0961 4652 iaStorV - ok
12:34:49.0961 4652 idsvc - ok
12:34:49.0961 4652 igfx - ok
12:34:49.0961 4652 iirsp - ok
12:34:49.0977 4652 IKEEXT - ok
12:34:50.0008 4652 IntcAzAudAddService - ok
12:34:50.0023 4652 IntcDAud - ok
12:34:50.0023 4652 intelide - ok
12:34:50.0023 4652 intelppm - ok
12:34:50.0039 4652 IPBusEnum - ok
12:34:50.0039 4652 IpFilterDriver - ok
12:34:50.0070 4652 iphlpsvc - ok
12:34:50.0070 4652 IPMIDRV - ok
12:34:50.0070 4652 IPNAT - ok
12:34:50.0086 4652 IRENUM - ok
12:34:50.0086 4652 isapnp - ok
12:34:50.0086 4652 iScsiPrt - ok
12:34:50.0086 4652 kbdclass - ok
12:34:50.0101 4652 kbdhid - ok
12:34:50.0101 4652 KeyIso - ok
12:34:50.0101 4652 KSecDD - ok
12:34:50.0101 4652 KSecPkg - ok
12:34:50.0101 4652 ksthunk - ok
12:34:50.0101 4652 KtmRm - ok
12:34:50.0117 4652 L1C - ok
12:34:50.0117 4652 LanmanServer - ok
12:34:50.0117 4652 LanmanWorkstation - ok
12:34:50.0133 4652 lirsgt - ok
12:34:50.0133 4652 lltdio - ok
12:34:50.0133 4652 lltdsvc - ok
12:34:50.0148 4652 lmhosts - ok
12:34:50.0164 4652 LSI_FC - ok
12:34:50.0164 4652 LSI_SAS - ok
12:34:50.0164 4652 LSI_SAS2 - ok
12:34:50.0179 4652 LSI_SCSI - ok
12:34:50.0179 4652 luafv - ok
12:34:50.0179 4652 MBAMProtector - ok
12:34:50.0179 4652 MBAMService - ok
12:34:50.0179 4652 Mcx2Svc - ok
12:34:50.0179 4652 megasas - ok
12:34:50.0179 4652 MegaSR - ok
12:34:50.0211 4652 MEIx64 - ok
12:34:50.0226 4652 Microsoft SharePoint Workspace Audit Service - ok
12:34:50.0226 4652 MMCSS - ok
12:34:50.0226 4652 Modem - ok
12:34:50.0226 4652 monitor - ok
12:34:50.0242 4652 mouclass - ok
12:34:50.0257 4652 mouhid - ok
12:34:50.0257 4652 mountmgr - ok
12:34:50.0273 4652 MpFilter - ok
12:34:50.0273 4652 mpio - ok
12:34:50.0273 4652 mpsdrv - ok
12:34:50.0289 4652 MRxDAV - ok
12:34:50.0289 4652 mrxsmb - ok
12:34:50.0289 4652 mrxsmb10 - ok
12:34:50.0289 4652 mrxsmb20 - ok
12:34:50.0289 4652 msahci - ok
12:34:50.0289 4652 msdsm - ok
12:34:50.0289 4652 MSDTC - ok
12:34:50.0304 4652 Msfs - ok
12:34:50.0320 4652 mshidkmdf - ok
12:34:50.0320 4652 msisadrv - ok
12:34:50.0320 4652 MSiSCSI - ok
12:34:50.0320 4652 msiserver - ok
12:34:50.0335 4652 MSKSSRV - ok
12:34:50.0335 4652 MSPCLOCK - ok
12:34:50.0335 4652 MSPQM - ok
12:34:50.0335 4652 MsRPC - ok
12:34:50.0351 4652 mssmbios - ok
12:34:50.0351 4652 MSTEE - ok
12:34:50.0351 4652
MTConfig - ok 12:34:50.0351 4652 Mup - ok 12:34:50.0351 4652 napagent - ok 12:34:50.0351 4652 NativeWifiP - ok 12:34:50.0413 4652 NAUpdate - ok 12:34:50.0445 4652 NDIS - ok 12:34:50.0445 4652 NdisCap - ok 12:34:50.0445 4652 NdisTapi - ok 12:34:50.0445 4652 Ndisuio - ok 12:34:50.0460 4652 NdisWan - ok 12:34:50.0460 4652 NDProxy - ok 12:34:50.0460 4652 NetBIOS - ok 12:34:50.0460 4652 NetBT - ok 12:34:50.0460 4652 Netlogon - ok 12:34:50.0476 4652 Netman - ok 12:34:50.0476 4652 netprofm - ok 12:34:50.0476 4652 NetTcpPortSharing - ok 12:34:50.0491 4652 nfrd960 - ok 12:34:50.0491 4652 NisDrv - ok 12:34:50.0491 4652 NisSrv - ok 12:34:50.0491 4652 NlaSvc - ok 12:34:50.0491 4652 Npfs - ok 12:34:50.0491 4652 nsi - ok 12:34:50.0507 4652 nsiproxy - ok 12:34:50.0507 4652 Ntfs - ok 12:34:50.0507 4652 Null - ok 12:34:50.0523 4652 nvlddmkm - ok 12:34:50.0523 4652 nvpciflt - ok 12:34:50.0523 4652 nvraid - ok 12:34:50.0523 4652 nvstor - ok 12:34:50.0538 4652 nvsvc - ok 12:34:50.0538 4652 nvUpdatusService - ok 12:34:50.0538 4652 nv_agp - ok 12:34:50.0538 4652 ohci1394 - ok 12:34:50.0554 4652 ose - ok 12:34:50.0585 4652 osppsvc - ok 12:34:50.0585 4652 p2pimsvc - ok 12:34:50.0585 4652 p2psvc - ok 12:34:50.0585 4652 Parport - ok 12:34:50.0585 4652 partmgr - ok 12:34:50.0601 4652 PcaSvc - ok 12:34:50.0601 4652 pci - ok 12:34:50.0601 4652 pciide - ok 12:34:50.0601 4652 pcmcia - ok 12:34:50.0601 4652 pcw - ok 12:34:50.0601 4652 PEAUTH - ok 12:34:50.0616 4652 PerfHost - ok 12:34:50.0616 4652 pla - ok 12:34:50.0616 4652 PlugPlay - ok 12:34:50.0632 4652 PNRPAutoReg - ok 12:34:50.0632 4652 PNRPsvc - ok 12:34:50.0632 4652 PolicyAgent - ok 12:34:50.0647 4652 Power - ok 12:34:50.0647 4652 PptpMiniport - ok 12:34:50.0647 4652 Processor - ok 12:34:50.0663 4652 ProfSvc - ok 12:34:50.0663 4652 ProtectedStorage - ok 12:34:50.0663 4652 Psched - ok 12:34:50.0663 4652 ql2300 - ok 12:34:50.0679 4652 ql40xx - ok 12:34:50.0679 4652 QWAVE - ok 12:34:50.0679 4652 QWAVEdrv - ok 12:34:50.0679 4652 RasAcd - ok 
12:34:50.0679 4652 RasAgileVpn - ok 12:34:50.0694 4652 RasAuto - ok 12:34:50.0694 4652 Rasl2tp - ok 12:34:50.0694 4652 RasMan - ok 12:34:50.0694 4652 RasPppoe - ok 12:34:50.0694 4652 RasSstp - ok 12:34:50.0710 4652 rdbss - ok 12:34:50.0710 4652 rdpbus - ok 12:34:50.0710 4652 RDPCDD - ok 12:34:50.0710 4652 RDPENCDD - ok 12:34:50.0710 4652 RDPREFMP - ok 12:34:50.0710 4652 RDPWD - ok 12:34:50.0725 4652 rdyboost - ok 12:34:50.0725 4652 RemoteAccess - ok 12:34:50.0725 4652 RemoteRegistry - ok 12:34:50.0741 4652 RivaTuner64 - ok 12:34:50.0741 4652 RpcEptMapper - ok 12:34:50.0741 4652 RpcLocator - ok 12:34:50.0741 4652 RpcSs - ok 12:34:50.0741 4652 rspndr - ok 12:34:50.0741 4652 SamSs - ok 12:34:50.0741 4652 sbp2port - ok 12:34:50.0741 4652 SCardSvr - ok 12:34:50.0757 4652 scfilter - ok 12:34:50.0757 4652 Schedule - ok 12:34:50.0757 4652 SCPolicySvc - ok 12:34:50.0757 4652 SDRSVC - ok 12:34:50.0757 4652 secdrv - ok 12:34:50.0757 4652 seclogon - ok 12:34:50.0757 4652 SENS - ok 12:34:50.0772 4652 SensrSvc - ok 12:34:50.0772 4652 Serenum - ok 12:34:50.0788 4652 Serial - ok 12:34:50.0788 4652 sermouse - ok 12:34:50.0788 4652 SessionEnv - ok 12:34:50.0803 4652 sffdisk - ok 12:34:50.0803 4652 sffp_mmc - ok 12:34:50.0803 4652 sffp_sd - ok 12:34:50.0803 4652 sfloppy - ok 12:34:50.0835 4652 SharedAccess - ok 12:34:50.0835 4652 ShellHWDetection - ok 12:34:50.0835 4652 SiSRaid2 - ok 12:34:50.0835 4652 SiSRaid4 - ok 12:34:50.0850 4652 Smb - ok 12:34:50.0850 4652 SNMPTRAP - ok 12:34:50.0866 4652 speedfan - ok 12:34:50.0866 4652 spldr - ok 12:34:50.0866 4652 Spooler - ok 12:34:50.0866 4652 sppsvc - ok 12:34:50.0866 4652 sppuinotify - ok 12:34:50.0866 4652 srv - ok 12:34:50.0881 4652 srv2 - ok 12:34:50.0881 4652 srvnet - ok 12:34:50.0897 4652 SSDPSRV - ok 12:34:50.0897 4652 SstpSvc - ok 12:34:50.0897 4652 stexstor - ok 12:34:50.0897 4652 stisvc - ok 12:34:50.0897 4652 swenum - ok 12:34:50.0944 4652 SwitchBoard - ok 12:34:50.0944 4652 swprv - ok 12:34:50.0959 4652 SynTP - ok 
12:34:50.0959 4652 SysMain - ok 12:34:50.0959 4652 TabletInputService - ok 12:34:50.0959 4652 TapiSrv - ok 12:34:50.0959 4652 TBS - ok 12:34:50.0959 4652 Tcpip - ok 12:34:50.0975 4652 TCPIP6 - ok 12:34:50.0975 4652 tcpipreg - ok 12:34:50.0991 4652 TDPIPE - ok 12:34:50.0991 4652 TDTCP - ok 12:34:50.0991 4652 tdx - ok 12:34:50.0991 4652 TermDD - ok 12:34:50.0991 4652 TermService - ok 12:34:50.0991 4652 Themes - ok 12:34:50.0991 4652 THREADORDER - ok 12:34:51.0006 4652 TrkWks - ok 12:34:51.0006 4652 TrustedInstaller - ok 12:34:51.0006 4652 tssecsrv - ok 12:34:51.0006 4652 TsUsbFlt - ok 12:34:51.0022 4652 tunnel - ok 12:34:51.0022 4652 TurboB - ok 12:34:51.0037 4652 TurboBoost - ok 12:34:51.0037 4652 uagp35 - ok 12:34:51.0037 4652 udfs - ok 12:34:51.0037 4652 UI0Detect - ok 12:34:51.0053 4652 uliagpkx - ok 12:34:51.0053 4652 umbus - ok 12:34:51.0053 4652 UmPass - ok 12:34:51.0053 4652 upnphost - ok 12:34:51.0084 4652 usbaudio - ok 12:34:51.0100 4652 usbccgp - ok 12:34:51.0100 4652 usbcir - ok 12:34:51.0100 4652 usbehci - ok 12:34:51.0100 4652 usbhub - ok 12:34:51.0100 4652 usbohci - ok 12:34:51.0115 4652 usbprint - ok 12:34:51.0115 4652 usbscan - ok 12:34:51.0115 4652 USBSTOR - ok 12:34:51.0115 4652 usbuhci - ok 12:34:51.0131 4652 usbvideo - ok 12:34:51.0131 4652 UxSms - ok 12:34:51.0131 4652 VaultSvc - ok 12:34:51.0131 4652 vdrvroot - ok 12:34:51.0131 4652 vds - ok 12:34:51.0131 4652 vga - ok 12:34:51.0131 4652 VgaSave - ok 12:34:51.0131 4652 vhdmp - ok 12:34:51.0147 4652 viaide - ok 12:34:51.0147 4652 volmgr - ok 12:34:51.0147 4652 volmgrx - ok 12:34:51.0147 4652 volsnap - ok 12:34:51.0162 4652 vsmraid - ok 12:34:51.0162 4652 VSS - ok 12:34:51.0162 4652 vwifibus - ok 12:34:51.0162 4652 vwififlt - ok 12:34:51.0178 4652 W32Time - ok 12:34:51.0178 4652 WacomPen - ok 12:34:51.0178 4652 WANARP - ok 12:34:51.0193 4652 Wanarpv6 - ok 12:34:51.0193 4652 wbengine - ok 12:34:51.0193 4652 WbioSrvc - ok 12:34:51.0193 4652 wcncsvc - ok 12:34:51.0193 4652 WcsPlugInService - ok 
12:34:51.0193 4652 Wd - ok 12:34:51.0193 4652 Wdf01000 - ok 12:34:51.0209 4652 WdiServiceHost - ok 12:34:51.0209 4652 WdiSystemHost - ok 12:34:51.0209 4652 WebClient - ok 12:34:51.0209 4652 Wecsvc - ok 12:34:51.0209 4652 wercplsupport - ok 12:34:51.0209 4652 WerSvc - ok 12:34:51.0209 4652 WfpLwf - ok 12:34:51.0225 4652 WIMMount - ok 12:34:51.0225 4652 WinDefend - ok 12:34:51.0225 4652 WinHttpAutoProxySvc - ok 12:34:51.0225 4652 Winmgmt - ok 12:34:51.0225 4652 WinRM - ok 12:34:51.0303 4652 WinUsb - ok 12:34:51.0303 4652 Wlansvc - ok 12:34:51.0303 4652 wlidsvc - ok 12:34:51.0303 4652 WmiAcpi - ok 12:34:51.0318 4652 wmiApSrv - ok 12:34:51.0318 4652 WMPNetworkSvc - ok 12:34:51.0318 4652 WPCSvc - ok 12:34:51.0318 4652 WPDBusEnum - ok 12:34:51.0318 4652 ws2ifsl - ok 12:34:51.0318 4652 wscsvc - ok 12:34:51.0318 4652 WSearch - ok 12:34:51.0334 4652 wuauserv - ok 12:34:51.0334 4652 WudfPf - ok 12:34:51.0334 4652 WUDFRd - ok 12:34:51.0349 4652 wudfsvc - ok 12:34:51.0349 4652 WwanSvc - ok 12:34:51.0365 4652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:34:51.0802 4652 \Device\Harddisk0\DR0 - ok 12:34:51.0817 4652 ============================================================ 12:34:51.0817 4652 Scan finished 12:34:51.0817 4652 ============================================================ 12:34:51.0817 4780 Detected object count: 0 12:34:51.0817 4780 Actual detected object count: 0 12:35:46.0550 3296 ============================================================ 12:35:46.0550 3296 Scan started 12:35:46.0550 3296 Mode: Manual; SigCheck; TDLFS; 12:35:46.0550 3296 ============================================================ 12:35:46.0613 3296 1394ohci - ok 12:35:46.0613 3296 ACPI - ok 12:35:46.0628 3296 AcpiPmi - ok 12:35:46.0628 3296 AdobeARMservice - ok 12:35:46.0628 3296 adp94xx - ok 12:35:46.0628 3296 adpahci - ok 12:35:46.0628 3296 adpu320 - ok 12:35:46.0628 3296 AeLookupSvc - ok 12:35:46.0628 3296 AFD - ok 12:35:46.0628 3296 agp440 - ok 12:35:46.0644 
3296 ALG - ok 12:35:46.0644 3296 aliide - ok 12:35:46.0644 3296 amdide - ok 12:35:46.0644 3296 AmdK8 - ok 12:35:46.0644 3296 AmdPPM - ok 12:35:46.0644 3296 amdsata - ok 12:35:46.0644 3296 amdsbs - ok 12:35:46.0644 3296 amdxata - ok 12:35:46.0659 3296 AmUStor - ok 12:35:46.0659 3296 AntiVirSchedulerService - ok 12:35:46.0659 3296 AntiVirService - ok 12:35:46.0659 3296 AppID - ok 12:35:46.0659 3296 AppIDSvc - ok 12:35:46.0659 3296 Appinfo - ok 12:35:46.0659 3296 arc - ok 12:35:46.0675 3296 arcsas - ok 12:35:46.0675 3296 ASLDRService - ok 12:35:46.0675 3296 ASMMAP64 - ok 12:35:46.0675 3296 AsyncMac - ok 12:35:46.0675 3296 atapi - ok 12:35:46.0675 3296 athr - ok 12:35:46.0675 3296 ATKGFNEXSrv - ok 12:35:46.0675 3296 atksgt - ok 12:35:46.0691 3296 ATKWMIACPIIO - ok 12:35:46.0691 3296 AudioEndpointBuilder - ok 12:35:46.0691 3296 AudioSrv - ok 12:35:46.0691 3296 avgntflt - ok 12:35:46.0691 3296 avipbb - ok 12:35:46.0691 3296 avkmgr - ok 12:35:46.0691 3296 AxInstSV - ok 12:35:46.0691 3296 b06bdrv - ok 12:35:46.0706 3296 b57nd60a - ok 12:35:46.0706 3296 BDESVC - ok 12:35:46.0706 3296 Beep - ok 12:35:46.0706 3296 BFE - ok 12:35:46.0706 3296 BITS - ok 12:35:46.0706 3296 blbdrive - ok 12:35:46.0706 3296 bowser - ok 12:35:46.0706 3296 BrFiltLo - ok 12:35:46.0722 3296 BrFiltUp - ok 12:35:46.0722 3296 BridgeMP - ok 12:35:46.0722 3296 Browser - ok 12:35:46.0722 3296 Brserid - ok 12:35:46.0722 3296 BrSerWdm - ok 12:35:46.0722 3296 BrUsbMdm - ok 12:35:46.0722 3296 BrUsbSer - ok 12:35:46.0722 3296 BTHMODEM - ok 12:35:46.0737 3296 bthserv - ok 12:35:46.0737 3296 catchme - ok 12:35:46.0737 3296 cdfs - ok 12:35:46.0737 3296 cdrom - ok 12:35:46.0737 3296 CertPropSvc - ok 12:35:46.0737 3296 circlass - ok 12:35:46.0737 3296 CLFS - ok 12:35:46.0753 3296 clr_optimization_v2.0.50727_32 - ok 12:35:46.0753 3296 clr_optimization_v2.0.50727_64 - ok 12:35:46.0753 3296 clr_optimization_v4.0.30319_32 - ok 12:35:46.0753 3296 clr_optimization_v4.0.30319_64 - ok 12:35:46.0753 3296 CmBatt - ok 
12:35:46.0753 3296 cmdide - ok 12:35:46.0753 3296 CNG - ok 12:35:46.0769 3296 Compbatt - ok 12:35:46.0769 3296 CompositeBus - ok 12:35:46.0769 3296 COMSysApp - ok 12:35:46.0769 3296 cphs - ok 12:35:46.0769 3296 crcdisk - ok 12:35:46.0769 3296 CryptSvc - ok 12:35:46.0769 3296 DcomLaunch - ok 12:35:46.0784 3296 defragsvc - ok 12:35:46.0784 3296 DfsC - ok 12:35:46.0784 3296 Dhcp - ok 12:35:46.0784 3296 discache - ok 12:35:46.0784 3296 Disk - ok 12:35:46.0784 3296 Dnscache - ok 12:35:46.0784 3296 dot3svc - ok 12:35:46.0784 3296 DPS - ok 12:35:46.0800 3296 drmkaud - ok 12:35:46.0800 3296 DXGKrnl - ok 12:35:46.0800 3296 EapHost - ok 12:35:46.0800 3296 ebdrv - ok 12:35:46.0800 3296 EFS - ok 12:35:46.0800 3296 ehRecvr - ok 12:35:46.0800 3296 ehSched - ok 12:35:46.0800 3296 elxstor - ok 12:35:46.0815 3296 EPSON_EB_RPCV4_04 - ok 12:35:46.0815 3296 EPSON_PM_RPCV4_04 - ok 12:35:46.0815 3296 ErrDev - ok 12:35:46.0815 3296 EventSystem - ok 12:35:46.0815 3296 exfat - ok 12:35:46.0815 3296 fastfat - ok 12:35:46.0815 3296 Fax - ok 12:35:46.0831 3296 fdc - ok 12:35:46.0831 3296 fdPHost - ok 12:35:46.0831 3296 FDResPub - ok 12:35:46.0831 3296 FileInfo - ok 12:35:46.0831 3296 Filetrace - ok 12:35:46.0831 3296 flpydisk - ok 12:35:46.0831 3296 FltMgr - ok 12:35:46.0847 3296 FontCache - ok 12:35:46.0847 3296 FontCache3.0.0.0 - ok 12:35:46.0847 3296 FsDepends - ok 12:35:46.0847 3296 Fs_Rec - ok 12:35:46.0847 3296 fvevol - ok 12:35:46.0847 3296 gagp30kx - ok 12:35:46.0847 3296 gpsvc - ok 12:35:46.0847 3296 hcw85cir - ok 12:35:46.0862 3296 HdAudAddService - ok 12:35:46.0862 3296 HDAudBus - ok 12:35:46.0862 3296 HidBatt - ok 12:35:46.0862 3296 HidBth - ok 12:35:46.0862 3296 HidIr - ok 12:35:46.0862 3296 hidserv - ok 12:35:46.0862 3296 HidUsb - ok 12:35:46.0862 3296 hkmsvc - ok 12:35:46.0878 3296 HomeGroupListener - ok 12:35:46.0878 3296 HomeGroupProvider - ok 12:35:46.0878 3296 HpSAMD - ok 12:35:46.0878 3296 HTTP - ok 12:35:46.0878 3296 hwpolicy - ok 12:35:46.0878 3296 i8042prt - ok 
12:35:46.0878 3296 iaStorV - ok 12:35:46.0893 3296 idsvc - ok 12:35:46.0893 3296 igfx - ok 12:35:46.0893 3296 iirsp - ok 12:35:46.0893 3296 IKEEXT - ok 12:35:46.0893 3296 IntcAzAudAddService - ok 12:35:46.0893 3296 IntcDAud - ok 12:35:46.0893 3296 intelide - ok 12:35:46.0909 3296 intelppm - ok 12:35:46.0909 3296 IPBusEnum - ok 12:35:46.0909 3296 IpFilterDriver - ok 12:35:46.0909 3296 iphlpsvc - ok 12:35:46.0909 3296 IPMIDRV - ok 12:35:46.0909 3296 IPNAT - ok 12:35:46.0909 3296 IRENUM - ok 12:35:46.0909 3296 isapnp - ok 12:35:46.0925 3296 iScsiPrt - ok 12:35:46.0925 3296 kbdclass - ok 12:35:46.0925 3296 kbdhid - ok 12:35:46.0925 3296 KeyIso - ok 12:35:46.0925 3296 KSecDD - ok 12:35:46.0925 3296 KSecPkg - ok 12:35:46.0925 3296 ksthunk - ok 12:35:46.0925 3296 KtmRm - ok 12:35:46.0940 3296 L1C - ok 12:35:46.0940 3296 LanmanServer - ok 12:35:46.0940 3296 LanmanWorkstation - ok 12:35:46.0940 3296 lirsgt - ok 12:35:46.0940 3296 lltdio - ok 12:35:46.0940 3296 lltdsvc - ok 12:35:46.0940 3296 lmhosts - ok 12:35:46.0956 3296 LSI_FC - ok 12:35:46.0956 3296 LSI_SAS - ok 12:35:46.0956 3296 LSI_SAS2 - ok 12:35:46.0956 3296 LSI_SCSI - ok 12:35:46.0956 3296 luafv - ok 12:35:46.0956 3296 MBAMProtector - ok 12:35:46.0956 3296 MBAMService - ok 12:35:46.0956 3296 Mcx2Svc - ok 12:35:46.0971 3296 megasas - ok 12:35:46.0971 3296 MegaSR - ok 12:35:46.0971 3296 MEIx64 - ok 12:35:46.0971 3296 Microsoft SharePoint Workspace Audit Service - ok 12:35:46.0971 3296 MMCSS - ok 12:35:46.0971 3296 Modem - ok 12:35:46.0971 3296 monitor - ok 12:35:46.0987 3296 mouclass - ok 12:35:46.0987 3296 mouhid - ok 12:35:46.0987 3296 mountmgr - ok 12:35:46.0987 3296 MpFilter - ok 12:35:46.0987 3296 mpio - ok 12:35:46.0987 3296 mpsdrv - ok 12:35:46.0987 3296 MRxDAV - ok 12:35:46.0987 3296 mrxsmb - ok 12:35:47.0003 3296 mrxsmb10 - ok 12:35:47.0003 3296 mrxsmb20 - ok 12:35:47.0003 3296 msahci - ok 12:35:47.0003 3296 msdsm - ok 12:35:47.0003 3296 MSDTC - ok 12:35:47.0003 3296 Msfs - ok 12:35:47.0003 3296 mshidkmdf - 
ok 12:35:47.0018 3296 msisadrv - ok 12:35:47.0018 3296 MSiSCSI - ok 12:35:47.0018 3296 msiserver - ok 12:35:47.0018 3296 MSKSSRV - ok 12:35:47.0018 3296 MSPCLOCK - ok 12:35:47.0018 3296 MSPQM - ok 12:35:47.0018 3296 MsRPC - ok 12:35:47.0018 3296 mssmbios - ok 12:35:47.0034 3296 MSTEE - ok 12:35:47.0034 3296 MTConfig - ok 12:35:47.0034 3296 Mup - ok 12:35:47.0034 3296 napagent - ok 12:35:47.0034 3296 NativeWifiP - ok 12:35:47.0034 3296 NAUpdate - ok 12:35:47.0034 3296 NDIS - ok 12:35:47.0049 3296 NdisCap - ok 12:35:47.0049 3296 NdisTapi - ok 12:35:47.0049 3296 Ndisuio - ok 12:35:47.0049 3296 NdisWan - ok 12:35:47.0049 3296 NDProxy - ok 12:35:47.0049 3296 NetBIOS - ok 12:35:47.0049 3296 NetBT - ok 12:35:47.0049 3296 Netlogon - ok 12:35:47.0065 3296 Netman - ok 12:35:47.0065 3296 netprofm - ok 12:35:47.0065 3296 NetTcpPortSharing - ok 12:35:47.0065 3296 nfrd960 - ok 12:35:47.0065 3296 NisDrv - ok 12:35:47.0065 3296 NisSrv - ok 12:35:47.0065 3296 NlaSvc - ok 12:35:47.0065 3296 Npfs - ok 12:35:47.0081 3296 nsi - ok 12:35:47.0081 3296 nsiproxy - ok 12:35:47.0081 3296 Ntfs - ok 12:35:47.0081 3296 Null - ok 12:35:47.0081 3296 nvlddmkm - ok 12:35:47.0081 3296 nvpciflt - ok 12:35:47.0081 3296 nvraid - ok 12:35:47.0096 3296 nvstor - ok 12:35:47.0096 3296 nvsvc - ok 12:35:47.0096 3296 nvUpdatusService - ok 12:35:47.0096 3296 nv_agp - ok 12:35:47.0096 3296 ohci1394 - ok 12:35:47.0096 3296 ose - ok 12:35:47.0096 3296 osppsvc - ok 12:35:47.0096 3296 p2pimsvc - ok 12:35:47.0112 3296 p2psvc - ok 12:35:47.0112 3296 Parport - ok 12:35:47.0112 3296 partmgr - ok 12:35:47.0112 3296 PcaSvc - ok 12:35:47.0112 3296 pci - ok 12:35:47.0112 3296 pciide - ok 12:35:47.0112 3296 pcmcia - ok 12:35:47.0127 3296 pcw - ok 12:35:47.0127 3296 PEAUTH - ok 12:35:47.0127 3296 PerfHost - ok 12:35:47.0127 3296 pla - ok 12:35:47.0127 3296 PlugPlay - ok 12:35:47.0127 3296 PNRPAutoReg - ok 12:35:47.0143 3296 PNRPsvc - ok 12:35:47.0143 3296 PolicyAgent - ok 12:35:47.0143 3296 Power - ok 12:35:47.0143 3296 
PptpMiniport - ok 12:35:47.0143 3296 Processor - ok 12:35:47.0143 3296 ProfSvc - ok 12:35:47.0143 3296 ProtectedStorage - ok 12:35:47.0159 3296 Psched - ok 12:35:47.0159 3296 ql2300 - ok 12:35:47.0159 3296 ql40xx - ok 12:35:47.0159 3296 QWAVE - ok 12:35:47.0159 3296 QWAVEdrv - ok 12:35:47.0159 3296 RasAcd - ok 12:35:47.0159 3296 RasAgileVpn - ok 12:35:47.0159 3296 RasAuto - ok 12:35:47.0174 3296 Rasl2tp - ok 12:35:47.0174 3296 RasMan - ok 12:35:47.0174 3296 RasPppoe - ok 12:35:47.0174 3296 RasSstp - ok 12:35:47.0174 3296 rdbss - ok 12:35:47.0174 3296 rdpbus - ok 12:35:47.0174 3296 RDPCDD - ok 12:35:47.0190 3296 RDPENCDD - ok 12:35:47.0190 3296 RDPREFMP - ok 12:35:47.0190 3296 RDPWD - ok 12:35:47.0190 3296 rdyboost - ok 12:35:47.0190 3296 RemoteAccess - ok 12:35:47.0190 3296 RemoteRegistry - ok 12:35:47.0190 3296 RivaTuner64 - ok 12:35:47.0205 3296 RpcEptMapper - ok 12:35:47.0205 3296 RpcLocator - ok 12:35:47.0205 3296 RpcSs - ok 12:35:47.0205 3296 rspndr - ok 12:35:47.0205 3296 SamSs - ok 12:35:47.0205 3296 sbp2port - ok 12:35:47.0205 3296 SCardSvr - ok 12:35:47.0205 3296 scfilter - ok 12:35:47.0221 3296 Schedule - ok 12:35:47.0221 3296 SCPolicySvc - ok 12:35:47.0221 3296 SDRSVC - ok 12:35:47.0221 3296 secdrv - ok 12:35:47.0221 3296 seclogon - ok 12:35:47.0221 3296 SENS - ok 12:35:47.0221 3296 SensrSvc - ok 12:35:47.0221 3296 Serenum - ok 12:35:47.0237 3296 Serial - ok 12:35:47.0237 3296 sermouse - ok 12:35:47.0237 3296 SessionEnv - ok 12:35:47.0237 3296 sffdisk - ok 12:35:47.0237 3296 sffp_mmc - ok 12:35:47.0237 3296 sffp_sd - ok 12:35:47.0252 3296 sfloppy - ok 12:35:47.0252 3296 SharedAccess - ok 12:35:47.0252 3296 ShellHWDetection - ok 12:35:47.0252 3296 SiSRaid2 - ok 12:35:47.0252 3296 SiSRaid4 - ok 12:35:47.0252 3296 Smb - ok 12:35:47.0252 3296 SNMPTRAP - ok 12:35:47.0268 3296 speedfan - ok 12:35:47.0268 3296 spldr - ok 12:35:47.0268 3296 Spooler - ok 12:35:47.0268 3296 sppsvc - ok 12:35:47.0268 3296 sppuinotify - ok 12:35:47.0268 3296 srv - ok 12:35:47.0268 
3296 srv2 - ok 12:35:47.0268 3296 srvnet - ok 12:35:47.0283 3296 SSDPSRV - ok 12:35:47.0283 3296 SstpSvc - ok 12:35:47.0283 3296 stexstor - ok 12:35:47.0283 3296 stisvc - ok 12:35:47.0283 3296 swenum - ok 12:35:47.0283 3296 SwitchBoard - ok 12:35:47.0283 3296 swprv - ok 12:35:47.0299 3296 SynTP - ok 12:35:47.0299 3296 SysMain - ok 12:35:47.0299 3296 TabletInputService - ok 12:35:47.0299 3296 TapiSrv - ok 12:35:47.0299 3296 TBS - ok 12:35:47.0299 3296 Tcpip - ok 12:35:47.0299 3296 TCPIP6 - ok 12:35:47.0315 3296 tcpipreg - ok 12:35:47.0315 3296 TDPIPE - ok 12:35:47.0315 3296 TDTCP - ok 12:35:47.0315 3296 tdx - ok 12:35:47.0315 3296 TermDD - ok 12:35:47.0315 3296 TermService - ok 12:35:47.0315 3296 Themes - ok 12:35:47.0315 3296 THREADORDER - ok 12:35:47.0330 3296 TrkWks - ok 12:35:47.0330 3296 TrustedInstaller - ok 12:35:47.0330 3296 tssecsrv - ok 12:35:47.0330 3296 TsUsbFlt - ok 12:35:47.0330 3296 tunnel - ok 12:35:47.0330 3296 TurboB - ok 12:35:47.0346 3296 TurboBoost - ok 12:35:47.0346 3296 uagp35 - ok 12:35:47.0346 3296 udfs - ok 12:35:47.0346 3296 UI0Detect - ok 12:35:47.0346 3296 uliagpkx - ok 12:35:47.0346 3296 umbus - ok 12:35:47.0346 3296 UmPass - ok 12:35:47.0361 3296 upnphost - ok 12:35:47.0361 3296 usbaudio - ok 12:35:47.0361 3296 usbccgp - ok 12:35:47.0361 3296 usbcir - ok 12:35:47.0361 3296 usbehci - ok 12:35:47.0361 3296 usbhub - ok 12:35:47.0361 3296 usbohci - ok 12:35:47.0377 3296 usbprint - ok 12:35:47.0377 3296 usbscan - ok 12:35:47.0377 3296 USBSTOR - ok 12:35:47.0377 3296 usbuhci - ok 12:35:47.0377 3296 usbvideo - ok 12:35:47.0377 3296 UxSms - ok 12:35:47.0377 3296 VaultSvc - ok 12:35:47.0377 3296 vdrvroot - ok 12:35:47.0393 3296 vds - ok 12:35:47.0393 3296 vga - ok 12:35:47.0393 3296 VgaSave - ok 12:35:47.0393 3296 vhdmp - ok 12:35:47.0393 3296 viaide - ok 12:35:47.0393 3296 volmgr - ok 12:35:47.0393 3296 volmgrx - ok 12:35:47.0408 3296 volsnap - ok 12:35:47.0408 3296 vsmraid - ok 12:35:47.0408 3296 VSS - ok 12:35:47.0408 3296 vwifibus - ok 
12:35:47.0408 3296 vwififlt - ok 12:35:47.0408 3296 W32Time - ok 12:35:47.0424 3296 WacomPen - ok 12:35:47.0424 3296 WANARP - ok 12:35:47.0424 3296 Wanarpv6 - ok 12:35:47.0424 3296 wbengine - ok 12:35:47.0424 3296 WbioSrvc - ok 12:35:47.0424 3296 wcncsvc - ok 12:35:47.0424 3296 WcsPlugInService - ok 12:35:47.0424 3296 Wd - ok 12:35:47.0439 3296 Wdf01000 - ok 12:35:47.0439 3296 WdiServiceHost - ok 12:35:47.0439 3296 WdiSystemHost - ok 12:35:47.0439 3296 WebClient - ok 12:35:47.0439 3296 Wecsvc - ok 12:35:47.0439 3296 wercplsupport - ok 12:35:47.0439 3296 WerSvc - ok 12:35:47.0455 3296 WfpLwf - ok 12:35:47.0455 3296 WIMMount - ok 12:35:47.0455 3296 WinDefend - ok 12:35:47.0455 3296 WinHttpAutoProxySvc - ok 12:35:47.0455 3296 Winmgmt - ok 12:35:47.0455 3296 WinRM - ok 12:35:47.0471 3296 WinUsb - ok 12:35:47.0471 3296 Wlansvc - ok 12:35:47.0471 3296 wlidsvc - ok 12:35:47.0471 3296 WmiAcpi - ok 12:35:47.0471 3296 wmiApSrv - ok 12:35:47.0471 3296 WMPNetworkSvc - ok 12:35:47.0471 3296 WPCSvc - ok 12:35:47.0486 3296 WPDBusEnum - ok 12:35:47.0486 3296 ws2ifsl - ok 12:35:47.0486 3296 wscsvc - ok 12:35:47.0486 3296 WSearch - ok 12:35:47.0486 3296 wuauserv - ok 12:35:47.0486 3296 WudfPf - ok 12:35:47.0486 3296 WUDFRd - ok 12:35:47.0502 3296 wudfsvc - ok 12:35:47.0502 3296 WwanSvc - ok 12:35:47.0517 3296 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:35:47.0954 3296 \Device\Harddisk0\DR0 - ok 12:35:47.0954 3296 ============================================================ 12:35:47.0954 3296 Scan finished 12:35:47.0954 3296 ============================================================ 12:35:47.0970 4232 Detected object count: 0 12:35:47.0970 4232 Actual detected object count: 0 |
14.06.2012, 13:21 | #8 |
Hi, looks good... Any more redirects, alerts, etc. to observe? chris
14.06.2012, 13:39 | #9 |
No, nothing more. Unfortunately, though, the Windows Firewall and MSE itself still cannot be enabled.
14.06.2012, 14:00 | #10 |
Hi, a side question: OTL reports "Windows XP 64Bit", while the rest of the tools report "Microsoft Windows 7 Home Premium". So which is it? Please post an OTL log from the infected machine...! Download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), start it and select the following options:
Start it with "Scan". The logfile (FSS.txt) is created in the working directory. Post the log here. chris
14.06.2012, 14:05 | #11 |
Um, for info: it is a Windows 7 64-bit system with Service Pack 1, the original that was/is on this netbook from the start. Why it now says XP there is a mystery to me. But here is the requested log:

Farbar Service Scanner Version: 09-06-2012
Ran by xxx (administrator) on 14-06-2012 at 15:03:32
Running from "C:\Users\xxx\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Sorry, I had forgotten the OTL log. Just ran it again, and it still says the same thing. OTL Logfile:
Code:
OTL logfile created on: 14.06.2012 15:06:23 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\xxx\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,15% Memory free
15,83 Gb Paging File | 13,31 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 36,67 Gb Free Space | 41,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 47,04 Gb Free Space | 96,33% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 112,46 Gb Free Space | 76,78% Space Free | Partition Type: NTFS
Drive F: | 98,96 Gb Total Space | 41,29 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,95 Gb Free Space | 98,20% Space Free | Partition Type: NTFS
Drive H: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive V: | 24,98 Gb Total Space | 8,25 Gb Free Space | 33,02% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 12:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.10.18 18:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.10.03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.07.09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.13 14:17:52 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2011.12.12 03:57:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.)
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.12 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2011.01.12 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.10 15:52:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.10 15:52:37 
| 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.05 14:19:59 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.13 14:17:10 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 12:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.12.12 03:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.10.03 23:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.18 13:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.06.12 21:43:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 44 77 6A 9A 2F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3C029863-5A9E-4C1A-BFB0-841706C2F7CB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=74c87902-9e49-4d89-ad51-9e0072680904&apn_sauid=8B189815-4DB4-4466-9EFA-4BF7D29ADD09 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8164FD10-88E7-48A2-9D65-3A4B295B95BA}&mid=f4a51c60e44847d0a3f2192946f9893d-27e70c9c1b65fbc185fa66cb7cb80d4a48e26481&lang=en&ds=pp011&pr=sa&d=2012-06-09 15:47:56&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: E:\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:\MICROS~1\Office14\NPSPWRAP.DLL CHR - Extension: TV = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Kingdom Rush = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YoWindow Wetter = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\1.30_0\ CHR - Extension: Super Mario World = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkihmbmfokomgcblenhedokepnlhjpmb\2.5_0\ CHR - Extension: Windows Media Player Extension for HTML5 = 
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Super Mario Bros = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\3.6_0\ CHR - Extension: Google Maps = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\ CHR - Extension: Facebook Notifications = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.13 15:34:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKCU..\Run: [EPSON SX430 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\CHRIST~1\AppData\Local\Temp\E_S2DA5.tmp" /EF "HKCU" File not found O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.5.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - 
C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629DB53C-63F7-4B12-B094-804005A1F68A}: DhcpNameServer = 81.173.194.69 81.173.194.77 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - 
C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 14:55:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.14 12:22:36 | 000,000,000 | ---D | C] -- C:\TDSS [2012.06.13 20:05:46 | 
000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics [2012.06.13 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2012.06.13 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.13 19:58:29 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.13 19:58:29 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.13 19:58:29 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.13 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.13 19:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.13 19:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.06.13 19:23:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Project-X_0.91.0 [2012.06.13 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\DoctorWeb [2012.06.13 15:39:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.06.13 15:38:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.13 15:27:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.13 15:27:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.13 15:27:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.13 15:14:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.13 15:14:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.06.13 15:06:21 | 004,556,459 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe [2012.06.13 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.06.13 12:25:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware [2012.06.13 12:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.13 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN [2012.06.13 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.13 12:12:24 | 000,000,000 | ---D | C] -- D:\Simply Super Software [2012.06.13 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Simply Super Software [2012.06.13 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.06.13 12:04:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.06.13 11:52:01 | 000,000,000 | ---D | C] -- D:\Any Video Converter [2012.06.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AnvSoft [2012.06.13 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012.06.13 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2012.06.13 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\4Videosoft Studio [2012.06.13 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Aiseesoft Studio [2012.06.13 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\XnView [2012.06.13 11:33:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SpiritON TV Software [2012.06.13 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{37851551-6739-4DBF-B6B0-DD21A168148B} [2012.06.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EE9D0652-F572-4129-AF8A-DE6AB63E35CF} [2012.06.12 21:43:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.06.12 21:42:54 | 000,000,000 | ---D | C] -- 
< End of report > Last edited by Sueppi (14.06.2012 at 14:11) |
14.06.2012, 14:13 | #12 |
| Hi, your visitor deleted the firewall's registry keys... Try this here first.. If that doesn't help, proceed as follows: Download the files BaseFilteringEngine and FireWallReg and save them to the desktop. Run them by double-clicking and allow the security prompts (import/merge etc.). Then restart the computer. Start services.msc (Start/Run, type services.msc there and press Enter), then look for the services base filtering engine and windows firewall service... After that the firewall should work again.... I would reinstall MSE: Download: Microsoft Security Essentials - Microsoft Download Center - Download Details chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch) |
14.06.2012, 14:27 | #13 |
| Unfortunately, the first set of instructions didn't work. And unfortunately the two files can no longer be downloaded, because they have been blocked. |
14.06.2012, 15:05 | #14 |
| Hi, attached.. I had checked the link beforehand, it was still working then... Run both files (merge with the registry, accept the security warnings), then: Code:
Press Windows+R, type Regedit (Return)
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right-click, choose Permissions, "Add" and enter "jeder" (everyone)
Then select the user just added (jeder) and grant it "Full Control" (Vollzugriff)
Then: press Windows+R, type services.msc (Return)
Find the services "base filtering engine service" and "windows firewall service" and check the startup type (automatic)!
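An added check for the procedure above, written for this thread and not part of chris's reply or the attached .reg files: it reports, read-only, whether the BFE and Windows Firewall (MpsSvc) services exist, their startup type and state, and whether the BFE key's ACL still holds the service identities it has by default (NT SERVICE\BFE and NT SERVICE\MpsSvc are assumed to be the relevant default entries). It also flags the broad "Everyone: Full Control" entry the workaround adds, so it can be narrowed back once the firewall starts again.

```powershell
# Added example for this thread (not chris's instructions or the attached .reg
# files): a read-only check of the two services the fix targets. Run from an
# elevated Windows PowerShell prompt; written for PowerShell 2.0 (Windows 7),
# so it uses Get-WmiObject and New-Object instead of CIM and [pscustomobject].

# Service names as registered under HKLM\SYSTEM\CurrentControlSet\Services.
$script:FirewallServices = @(
    @{ Name = 'BFE';    Display = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc'; Display = 'Windows Firewall' }
)

# Assumption: these service SIDs are in the default ACL of the BFE key. When
# they are missing, BFE fails to start with "access denied", which is what the
# thread's "jeder (everyone): Full Control" step works around.
$script:ExpectedBfeIdentities = @('NT SERVICE\BFE', 'NT SERVICE\MpsSvc')

function Test-FirewallServiceHealth {
    foreach ($svc in $script:FirewallServices) {
        $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        $wmi   = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"
        $state = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
        $startMode = 'missing'; if ($wmi)   { $startMode = $wmi.StartMode }  # want: Auto
        $status    = 'missing'; if ($state) { $status    = $state.Status }   # want: Running
        # Error 0x80070424 = 1060 = ERROR_SERVICE_DOES_NOT_EXIST: the service's
        # registry key itself is gone, which the thread's .reg files recreate.
        New-Object PSObject -Property @{
            Service   = $svc.Display
            KeyExists = (Test-Path $keyPath)
            StartMode = $startMode
            Status    = $status
        }
    }
}

function Test-BfeKeyAcl {
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'
    if (-not (Test-Path $keyPath)) { Write-Warning 'BFE key missing'; return }
    $acl     = Get-Acl -Path $keyPath
    $present = $acl.Access | ForEach-Object { $_.IdentityReference.Value }
    foreach ($id in $script:ExpectedBfeIdentities) {
        New-Object PSObject -Property @{ Identity = $id; Present = ($present -contains $id) }
    }
    # The workaround grants Everyone ("Jeder" on German Windows) Full Control,
    # which is broader than the default; flag it so it can be tightened again
    # once the firewall starts.
    $wide = $acl.Access | Where-Object {
        $_.IdentityReference.Value -match '^(Everyone|Jeder)$' -and
        $_.RegistryRights -eq [System.Security.AccessControl.RegistryRights]::FullControl
    }
    if ($wide) { Write-Warning 'BFE key grants Everyone Full Control (wider than the default ACL).' }
}

Test-FirewallServiceHealth | Format-Table Service, KeyExists, StartMode, Status -AutoSize
Test-BfeKeyAcl             | Format-Table Identity, Present -AutoSize
```

A "missing" row with KeyExists False matches the 0x80070424 symptom reported later in the thread; a Present False for either service SID matches the "registry keys deleted" diagnosis.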
14.06.2012, 17:17 | #15 |
| Okay. So far so good. MSE is working again. Trojans are no longer being reported either. The only thing that still doesn't work is the firewall. I did everything exactly as you described. One good thing came of it, though: error code 0x80070424 has disappeared. Now Control Panel/Windows Firewall shows the following: "Update your Firewall settings. Windows Firewall is not using the recommended settings to protect your computer." Up to this point, a huge THANK YOU already! Okay. After I, full of hope, started a few programs again, I noticed that performance has dropped considerably. Of my 8 cores only 6 are left. Two are missing. And of those 6 only 2 are active. What does that tell us? Never again Softronic. Windows Defender is inactive too. I'm going to reinstall the system now. But many thanks again for your help, even though I have now made this decision. Have a nice evening. Christian |