|
Plagegeister aller Art und deren Bekämpfung: Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer VorgehenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.08.2012, 14:47 | #1 |
| Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer Vorgehen Hallo zusammen Habe mir gestern den Virus eingefangen, der behauptete, ich habe musik runtergelden und ich soll das zahlen. Habe das natürlich nicht gemacht. Nun habe ich es schon mit diversen anleitunge, die von Kaspersky über Avast (mein Virenschutz; Avast free), avast neu draufinstalliert usw. Nichts mützt. Nun bin ich bei euch und werde mal den Malware byte anti malware installieren und nach eurer Anleitung vorgehen; Vorgehen beim Verschlüsselungs-Trojaner INFO: Windows Update Trojaner , v2.x > bitte Sendet uns die Viren! 1. Starte einen vollständigen Scan mit Anleitung: Malwarebytes Anti-Malware - Funde bitte in Quarantäne und nichts löschen. Am besten nichts selbst machen sondern Thema starten. 2. Befolge folgende Anweisungen: an alle Hilfesuchenden um den Rechner vollständig zu bereinigen. Das ist wichtig, denn der Rechner ist noch nicht sauber! 3. Daten retten / Daten wiederherstellen: Daten retten nach Verschlüsselungstrojaner Bei Dateien wie locked-<DATEINAME>.<ENDUNG>.wxyz entschlüsseln: Übersicht der 8 Entschlüsselungs-Tools (DecryptHelper ScareUncrypt Avira Ransom File Unlocker RannohDecryptor Trustezeb.A Decryptor) Bin dann natürlich dankbar über jede Hilfe. Grüsse, Peter Also hier mal die Anti-Malware Logdatei; Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Peter :: PIT [Administrator] Schutz: Deaktiviert 31.08.2012 15:58:11 mbam-log-2012-08-31 (15-58-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232439 Laufzeit: 1 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 1 c:\windows\installer\{37e4d5fd-66a7-b066-4f9f-39fd2f67ee37}\syshost.exe (Backdoor.Agent) -> 3244 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Backdoor.Agent) -> Daten: C:\Windows\Installer\{37E4D5FD-66A7-B066-4F9F-39FD2F67EE37}\syshost.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 13 C:\Users\Peter\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt. c:\windows\syshost.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. c:\users\defaultapppool\appdata\local\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\users\peter\appdata\local\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\users\updatususer\appdata\local\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\windows\temp\syshost.exe (Spyware.Agent) -> Keine Aktion durchgeführt. c:\windows\installer\{37e4d5fd-66a7-b066-4f9f-39fd2f67ee37}\syshost.exe (Backdoor.Agent) -> Keine Aktion durchgeführt. C:\Users\Peter\AppData\Local\Temp\aumoulkdpjyk.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Local\Temp\mvziazuqyjuxvkb.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Local\Temp\ncjoqzeradxeufaimuvloshd.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Local\Temp\riqiiqirqntliuwdqfa.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) *************** und hier nun die Dateien Extras.txt + OTL.Txt;OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2012 16:39:20 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Peter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 15.98 Gb Total Physical Memory | 13.89 Gb Available Physical Memory | 86.91% Memory free 31.95 Gb Paging File | 29.65 Gb Available in Paging File | 92.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 362.64 Gb Free Space | 77.88% Space Free | Partition Type: NTFS Drive D: | 259.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: PIT | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BDBB90-39E5-438E-B1C5-23E618C0B62A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0EBB38B5-F470-485A-BE69-42EB09D5B9C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2272B240-3BE6-4751-A1A7-9FB244B0717C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2812B40B-BD17-4444-A57C-701F927601B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4857D69D-BAF6-4227-94A1-D216838C7AD7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{530378AF-210F-42FD-BF39-4682EB8A0FE8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{67C1FE00-942F-4DC1-88A4-56BAEF6DC871}" = rport=137 | protocol=17 | dir=out | app=system | "{6C9070ED-815E-4B2A-B9CE-7040155C7935}" = lport=445 | protocol=6 | dir=in | app=system | "{740810FE-0260-414A-9103-87BD6DD66633}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C9762BF-707B-4A1A-AFD0-333A4FD9AA4E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{82303385-3573-4F9E-BCF5-55000FFFDD53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84B11C57-B619-4100-98A2-F5DAAD440170}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8A1B0C4C-370A-4FE3-8606-C1603317C2C6}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{8B6E6F0C-0425-4B9A-AFE6-2C3A2DC19EB1}" = lport=138 | protocol=17 | dir=in | app=system | "{8C63A793-1A14-4171-A80B-602D002C1875}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{8E7203CE-2051-4FC0-9F01-43EC68CB0BC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3FFE990-BC64-4F9A-8691-345B444B19D0}" = lport=139 | protocol=6 | dir=in | app=system | "{A6BAEF51-14DE-4F07-9F40-B68F7A5CC0A9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A9122FC0-3E7A-42CD-8389-AAEFB4266EB5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{AB7DDDA3-794A-4F7C-A844-4685BC307E1A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{ADB5CE00-ED25-4B1C-9320-ED5CCE06A9CB}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF1CBA00-27AE-457D-8E06-C3FA1D7AAAAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B1A39D81-7CE7-4903-A343-691C2BAEF3C1}" = rport=139 | protocol=6 | dir=out | app=system | "{B1CC0EF2-AA12-425D-8DBA-0105F7B8D11B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1FC5C7B-4D90-41F6-9F5A-E7F9B8982E82}" = lport=137 | protocol=17 | dir=in | app=system | "{BBB04054-2AB3-47D2-9B2E-3CA51B3E7423}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2F375FF-C0DD-4174-A470-26E20842F6CA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C96CD467-7ABD-40AA-9244-427339148A4E}" = rport=138 | protocol=17 | dir=out | app=system | "{DE710810-37F4-4DA9-86F5-9FA3346E8EB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E0F462E5-C98F-47F4-8E02-0C2CD8FFA850}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E143F4C7-185D-44C0-A560-E289A1C316D5}" = lport=10243 | protocol=6 | dir=in | app=system | "{E5F942C2-374D-4691-A7DF-6976C87E1558}" = rport=445 | protocol=6 | dir=out | app=system | "{E85F8721-2D00-4E58-AD1E-F40E4EC41AC6}" = rport=10243 | protocol=6 | dir=out | app=system | "{EEA93A09-BC8E-4BB9-B404-DA20903FE5EA}" = lport=3389 | protocol=6 | dir=in | app=system | "{EFC92995-EEB2-4678-90D8-05B2CAFAAEB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FA5D7EC2-B655-4A8D-A809-BF2091441BF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FBFD2C37-C46D-4871-96BE-CAC0C4185C1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05B939DE-F6FC-4B70-907D-B0F3271A9FEF}" = dir=out | name=core networking - system ip core | "{0B200253-8917-4CD9-BEBE-FA7852B196D7}" = dir=out | name=core networking - system ip core | "{108078EC-0AF6-4572-8F44-0EC20C4BA40E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{1328EC61-97E4-4F74-854E-B4310EB61CDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13A12DD5-1997-4F80-95E9-8689115BCFE4}" = dir=in | name=core networking - system ip core | "{1407DA53-CBD5-4A0E-8F9B-574ECA724D31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1444B169-C215-4E08-864F-ECE555323DC0}" = dir=out | name=core networking - system ip core | "{20DC7562-CF57-414E-ACB0-5F58111929BD}" = dir=in | name=core networking - system ip core | "{22EC445B-DA0F-48AE-9CE6-9E9B957D4948}" = dir=in | name=core networking - system ip core | "{2A1CA798-41A5-4ACC-8D2C-26260A077846}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{2F2FD839-D280-4E43-89FD-B377E40608A4}" = dir=in | name=core networking - system ip core | "{35203369-06ED-4ABE-966A-063F8D084295}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{365CFA1A-891F-452F-AB19-D9439C50C90F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{39906FAE-584E-48B0-8F10-0B00F9D17F23}" = dir=out | name=core networking - system ip core | "{3A88A5B9-0016-4833-87DF-36D29099C315}" = dir=out | name=core networking - system ip core | "{3EDFC7BB-4E54-4087-B5A4-EF2596688AE7}" = dir=in | name=core networking - system ip core | "{3FE6CCAE-35FC-40E0-802D-1289AB7F291D}" = dir=out | name=core networking - system ip core | "{40E1F13A-8A80-4CE4-93F9-D016AC37605D}" = dir=out | name=core networking - system ip core | "{4826747E-A17B-44E5-93DA-81AC9816A48E}" = dir=in | name=core networking - system ip core | "{4ECA8C07-32D2-4055-84AE-8C6197075134}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{5041148E-8A0D-4884-B4FC-5F11F6EED94A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{53ABCB21-6CBB-46FD-9647-B7708FA932BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{55F4BE55-330F-4FB9-8BBC-3B623F27814E}" = dir=in | name=core networking - system ip core | "{5A5DDEF0-873C-40F4-A1BC-F5BBBFF5DC82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C8DE61C-331E-422E-B96C-CB38DD1FE767}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5F89411F-A0FF-403A-8A7A-950CE72A2465}" = protocol=6 | dir=out | app=system | "{62DE17C8-E6E7-4643-BE27-E2DBB814129C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{65383524-1105-4E51-91C6-C7FB654FDA7E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{66246B8D-25D6-43A8-977F-7B1A8BD941CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73F89680-FFF3-44AD-A693-31D001790DE8}" = dir=out | name=core networking - system ip core | "{74A98993-6680-44EF-BB22-B13ACACFD3CD}" = dir=out | name=core networking - system ip core | "{75B1A045-C258-4B13-95E8-946728F4DDD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{77D3ECF7-9F30-4F2A-A911-7142AABAACF3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{7BA1FE15-5BA7-4894-89E1-6B0DFEF333EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BB52900-76AF-472D-8AD7-E0D9B969EA09}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7DB83BC0-2EDD-4F8A-9A58-1A870182C777}" = dir=in | name=core networking - system ip core | "{7E8F9B51-2BA2-4A39-A620-E90DFE939608}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{806E6108-E54A-4E5D-89F8-E006B6CD6EC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{83225FF4-9052-4403-B1EC-5DF87C94F119}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{84395398-40C6-4453-A556-6450E62779E3}" = dir=out | name=core networking - system ip core | "{8AB181D9-1452-47A7-AEA0-3F54DAE963D8}" = dir=in | name=core networking - system ip core | "{8BCF3F7B-2323-4E74-9336-C5CEBFBFD0D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8D585D58-FC9D-4757-8E18-D51897491626}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{91643528-B317-41CF-AA88-60ABF2D3D989}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{99679D0D-954E-4CAA-8343-9A6361AA1E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe | "{9B82A5DB-95BB-44C7-81D0-9EC8045A55AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9B8C20C0-995D-43D8-A396-39206E56ED30}" = dir=in | name=core networking - system ip core | "{9C4827C8-2E5E-4B2F-A6B6-C608D750021E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A6755A7E-0D84-4E6B-8AAB-1D611363BC11}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{AB5870BD-289E-42C3-8147-29906212F5BA}" = dir=in | name=core networking - system ip core | "{B08BC901-FA7B-4A4A-9A1E-0A83325EB278}" = dir=out | name=core networking - system ip core | "{B51BC1EE-5515-4712-BB40-722A7812EDB6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B8A23803-518F-41CB-BD33-28AD8BBE0607}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{BC415D2E-3660-4AAB-819F-DFE7F610B725}" = dir=out | name=core networking - system ip core | "{BDB22C70-6314-4084-9DBF-2318D1A17BE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE160C1D-0BAF-40D0-90C1-1999BDA99D86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C0455F46-145A-4C9D-A5D7-CDDA563855EB}" = dir=in | name=core networking - system ip core | "{C122AF4C-C84A-45C6-95B4-44390E80C002}" = dir=in | name=core networking - system ip core | "{C2929AA7-B5C7-49EF-B315-A3D0C747AFEE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C4B243C9-C21D-470A-BD30-C7572FF8A818}" = dir=in | name=core networking - system ip core | "{C66EFAD8-566E-44C0-800B-2811D3446555}" = dir=in | name=core networking - system ip core | "{D0187BD5-1F5B-40C0-A88D-FB414E08A63D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D098666D-5160-45C9-9E55-D03E75877560}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD791E54-EA97-4A88-8F20-7D61587C85E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EA6D4295-1E91-4499-B628-066489563EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{EA9B6334-F911-4FA0-BC69-F8BF48A43002}" = dir=out | name=core networking - system ip core | "{EE89A880-BCCF-41B8-8BC6-949BBF45F0A9}" = dir=out | name=core networking - system ip core | "{EFB88E3F-7D07-4D87-BB7B-4365112612F8}" = dir=out | name=core networking - system ip core | "{F5AD1DD9-DF8B-467B-B42D-4808B451428B}" = dir=in | name=core networking - system ip core | "{F8AA92BA-4279-4818-B3F0-EA079353A64D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F9141C21-BB29-47F6-A610-BA131FB80DC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F94CE190-D55A-41DB-9141-5983081D0EDB}" = dir=out | name=core networking - system ip core | "{FDDD5CA6-F1B3-44C1-A951-543C5D34BE21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FED3D496-6896-429B-BE38-2066BBE5CC29}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "TCP Query User{2ABF3456-CA46-4D07-914A-A2B8465CB63F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{7F5C3804-3CBA-487C-B53E-BA08A620C8D6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{A2BAEE18-A366-41B5-B59C-8A71923D817E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{896E2D4A-7064-4270-8D99-742385E2F2EE}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{D4FFEAD2-3C02-4EA6-AE93-CB7FF9AAF9FA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{F3286F6B-F988-48C3-80AD-F8BF0639A176}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{61aa52d9-68e8-48f8-996b-2fd1e9001bc2}" = Nero 9 Essentials "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91E30407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Battlelog Web Plugins" = Battlelog Web Plugins "BlackBerry_Desktop" = BlackBerry Desktop Software 7.0 "EasyTax 2011 AG 1.0" = EasyTax 2011 AG 1.0 "ESN Sonar-0.70.4" = ESN Sonar "MagniDriver" = marvell 91xx console driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.06.2012 13:41:21 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.3.0.0, Zeitstempel: 0x4fa421a5 Name des fehlerhaften Moduls: bf3.exe, Version: 1.3.0.0, Zeitstempel: 0x4fa421a5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d8b9e6 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cd513a5bef5c35 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichtskennung: a47e4d84-bd5a-11e1-9ed4-f46d049c662a Error - 29.06.2012 19:01:56 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17514, Zeitstempel: 0x4ce7b8e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x4f4 Startzeit der fehlerhaften Anwendung: 0x01cd564b13b585ff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 6c045fb0-c23e-11e1-a74c-f46d049c662a Error - 29.06.2012 19:31:36 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17514, Zeitstempel: 0x4ce7b8e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x1984 Startzeit der fehlerhaften Anwendung: 0x01cd564e847facdb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 90f06231-c242-11e1-a74c-f46d049c662a Error - 08.07.2012 08:11:51 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17514, Zeitstempel: 0x4ce7b8e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x1a20 Startzeit der fehlerhaften Anwendung: 0x01cd5cfdc4411ff0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 18cc9546-c8f6-11e1-9d5b-f46d049c662a Error - 08.07.2012 08:12:07 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17514, Zeitstempel: 0x4ce7b8e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x1bc0 Startzeit der fehlerhaften Anwendung: 0x01cd5cfe5ebe5a78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 22b49619-c8f6-11e1-9d5b-f46d049c662a Error - 17.07.2012 17:27:12 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857, Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x10f4 Startzeit der fehlerhaften Anwendung: 0x01cd645e41c534d9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 2b7882dc-d056-11e1-8b66-f46d049c662a Error - 23.07.2012 16:56:03 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857, Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x10c4 Startzeit der fehlerhaften Anwendung: 0x01cd691534dff190 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: cff5cf8f-d508-11e1-a482-f46d049c662a Error - 23.07.2012 16:57:22 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857, Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x1550 Startzeit der fehlerhaften Anwendung: 0x01cd691598408bf3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: ff0c2e40-d508-11e1-a482-f46d049c662a Error - 24.07.2012 02:37:17 | Computer Name = Pit | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7601.17857, Zeitstempel: 0x4fcee2f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e64f ID des fehlerhaften Prozesses: 0x404 Startzeit der fehlerhaften Anwendung: 0x01cd69666b169706 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\msxml3.dll Berichtskennung: 026d6329-d55a-11e1-8b93-f46d049c662a Error - 25.08.2012 08:25:51 | Computer Name = Pit | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d4 Startzeit: 01cd82b689f2c7c5 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 00bb39b1-eeb0-11e1-a5e2-00268315efa5 Error - 25.08.2012 09:32:16 | Computer Name = Pit | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17d4 Startzeit: 01cd82c600282154 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 480c568c-eeb9-11e1-a5e2-00268315efa5 [ System Events ] Error - 31.08.2012 10:10:44 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:12:06 | Computer Name = Pit | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 31.08.2012 10:12:06 | Computer Name = Pit | Source = Service Control Manager | ID = 7001 Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 31.08.2012 10:12:07 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:30:04 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:30:11 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:30:17 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:32:04 | Computer Name = Pit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%5 Error - 31.08.2012 10:37:31 | Computer Name = Pit | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error - 31.08.2012 10:37:31 | Computer Name = Pit | Source = Service Control Manager | ID = 7001 Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 < End of report > ******************** OTL;OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2012 16:39:20 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Peter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 15.98 Gb Total Physical Memory | 13.89 Gb Available Physical Memory | 86.91% Memory free 31.95 Gb Paging File | 29.65 Gb Available in Paging File | 92.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 362.64 Gb Free Space | 77.88% Space Free | Partition Type: NTFS Drive D: | 259.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: PIT | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 15:48:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe PRC - [2012.08.14 22:21:14 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.19 00:58:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.02.22 17:05:36 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.12.07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2010.12.02 10:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.11.16 10:38:22 | 000,654,464 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe PRC - [2010.11.10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2010.11.09 10:34:26 | 002,529,920 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.10.12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe PRC - [2010.09.28 15:47:10 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe PRC - [2010.09.24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2010.05.18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe ========== Modules (No Company Name) ========== MOD - [2012.08.14 22:21:14 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll MOD - [2012.07.19 00:58:03 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2010.12.30 22:15:40 | 001,656,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll MOD - [2010.12.03 16:12:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2010.12.02 17:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2010.12.01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.11.19 10:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2010.11.19 10:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2010.11.16 10:37:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll MOD - [2010.11.11 03:09:26 | 000,703,488 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll MOD - [2010.10.15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.09.27 20:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2010.09.27 20:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2010.09.19 21:52:50 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll MOD - [2010.08.06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.07.30 11:28:32 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiEx.dll MOD - [2010.07.15 20:04:40 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll MOD - [2010.07.15 20:04:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll MOD - [2010.07.15 20:04:40 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll MOD - [2010.06.23 05:54:36 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2010.02.24 10:56:40 | 000,661,504 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll MOD - [2009.08.12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll MOD - [2009.05.21 04:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2007.10.31 11:51:00 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.30 14:51:24 | 000,085,952 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys -- (96e7915ff1485006) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.08.14 22:21:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.19 00:58:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.22 17:05:36 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.05.18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.30 14:51:24 | 000,085,952 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys -- (96e7915ff1485006) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.11 04:50:35 | 000,022,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.12.11 04:50:35 | 000,016,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.12.11 04:50:32 | 000,066,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64.sys -- (Point64) DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.08.17 19:28:32 | 000,026,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.01.12 19:43:40 | 000,037,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 51 B6 2C 3A 6B CC 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {3F0694B2-3D99-466c-9D68-441A71469390} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3F0694B2-3D99-466c-9D68-441A71469390}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\..\SearchScopes\{610550C2-CBF7-4462-89B9-5C6362507301}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:58:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.11 22:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions [2012.05.02 21:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\rnksvfwb.default\extensions [2012.06.08 01:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.19 00:58:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.09 22:29:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.09 22:29:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.09 22:29:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.09 22:29:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.09 22:29:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.09 22:29:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [syshost32] C:\Windows\Installer\{37E4D5FD-66A7-B066-4F9F-39FD2F67EE37}\syshost.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C803832D-DE43-4908-A2A3-2C1FA5466D54}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 16:39:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2012.08.31 16:35:04 | 000,000,000 | R--D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.08.31 15:56:30 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes [2012.08.31 15:56:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.31 15:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.31 15:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.31 14:21:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.08.30 14:49:19 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Grills [2012.08.26 20:23:46 | 000,000,000 | ---D | C] -- C:\MediaphorAG [2012.08.20 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\pdfforge [2012.08.20 15:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.08.20 15:06:27 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.08.20 15:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.08.20 09:52:19 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Peter Bewerben ========== Files - Modified Within 30 Days ========== [2012.08.31 16:41:22 | 001,775,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.31 16:41:22 | 000,762,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.31 16:41:22 | 000,706,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.31 16:41:22 | 000,170,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.31 16:41:22 | 000,138,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.31 16:35:04 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.08.31 16:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 16:34:47 | 4276,781,054 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 16:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.31 16:08:11 | 000,000,000 | ---- | M] () -- C:\Users\Peter\defogger_reenable [2012.08.31 15:56:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.31 15:48:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2012.08.31 15:48:16 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe [2012.08.31 15:34:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.08.31 14:59:55 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 14:59:55 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 00:17:05 | 000,000,177 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\default.rss [2012.08.31 00:11:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.08.30 14:51:24 | 000,085,952 | ---- | M] () -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys [2012.08.30 14:03:40 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.08.30 14:03:40 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.30 14:03:15 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.08.30 13:05:18 | 000,418,484 | ---- | M] () -- C:\Users\Peter\Desktop\P1000058.JPG [2012.08.30 13:05:01 | 000,429,182 | ---- | M] () -- C:\Users\Peter\Desktop\P1000057.JPG [2012.08.30 13:04:21 | 000,425,211 | ---- | M] () -- C:\Users\Peter\Desktop\P1000049.JPG [2012.08.28 17:58:04 | 000,607,007 | ---- | M] () -- C:\Users\Peter\Documents\Arztzeugnis_2.pdf [2012.08.28 09:55:39 | 021,026,550 | ---- | M] () -- C:\Users\Peter\Desktop\XTZ 660 Bedienungsanleitung_1.pdf [2012.08.28 09:54:32 | 021,026,550 | ---- | M] () -- C:\Users\Peter\Desktop\XTZ 660 Bedienungsanleitung.pdf [2012.08.28 09:50:12 | 007,811,257 | ---- | M] () -- C:\Users\Peter\Desktop\11D-F8199-G0.pdf [2012.08.26 20:22:18 | 000,742,400 | ---- | M] () -- C:\Users\Peter\Desktop\Präsentation Ausbildung_28-1_v2.pps [2012.08.26 15:57:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.08.25 14:42:51 | 001,795,286 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.21 17:18:24 | 000,616,505 | ---- | M] () -- C:\Users\Peter\Desktop\Arztzeugnis_peme.pdf [2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.08.20 15:35:16 | 000,232,281 | ---- | M] () -- C:\Users\Peter\LohnberV2-1.pdf [2012.08.20 15:35:00 | 000,140,613 | ---- | M] () -- C:\Users\Peter\Versicherung Allianz Yamaha.pdf [2012.08.20 15:34:47 | 000,325,894 | ---- | M] () -- C:\Users\Peter\Verkehrszulassung_FZ_2012.pdf [2012.08.20 15:34:03 | 000,647,885 | ---- | M] () -- C:\Users\Peter\dehnuebungen-2012-ebook-joggen-online.pdf [2012.08.20 15:06:28 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.20 15:06:28 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.16 22:31:58 | 000,006,144 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.16 18:31:43 | 000,416,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.31 16:08:11 | 000,000,000 | ---- | C] () -- C:\Users\Peter\defogger_reenable [2012.08.31 15:56:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.31 15:48:16 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe [2012.08.30 14:51:24 | 000,085,952 | ---- | C] () -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys [2012.08.30 13:03:25 | 000,418,484 | ---- | C] () -- C:\Users\Peter\Desktop\P1000058.JPG [2012.08.30 13:03:23 | 000,429,182 | ---- | C] () -- C:\Users\Peter\Desktop\P1000057.JPG [2012.08.30 13:03:17 | 000,425,211 | ---- | C] () -- C:\Users\Peter\Desktop\P1000049.JPG [2012.08.28 17:58:04 | 000,607,007 | ---- | C] () -- C:\Users\Peter\Documents\Arztzeugnis_2.pdf [2012.08.28 09:55:23 | 021,026,550 | ---- | C] () -- C:\Users\Peter\Desktop\XTZ 660 Bedienungsanleitung_1.pdf [2012.08.28 09:52:57 | 021,026,550 | ---- | C] () -- C:\Users\Peter\Desktop\XTZ 660 Bedienungsanleitung.pdf [2012.08.28 09:50:11 | 007,811,257 | ---- | C] () -- C:\Users\Peter\Desktop\11D-F8199-G0.pdf [2012.08.26 20:24:09 | 008,453,742 | ---- | C] () -- C:\Users\Peter\Documents\vollversion_winload_pdfbundle.exe [2012.08.26 19:36:22 | 000,742,400 | ---- | C] () -- C:\Users\Peter\Desktop\Präsentation Ausbildung_28-1_v2.pps [2012.08.21 17:18:24 | 000,616,505 | ---- | C] () -- C:\Users\Peter\Desktop\Arztzeugnis_peme.pdf [2012.08.20 15:36:05 | 000,247,507 | ---- | C] () -- C:\Users\Peter\Beck_Vorschlag.xps [2012.08.20 15:35:16 | 000,232,281 | ---- | C] () -- C:\Users\Peter\LohnberV2-1.pdf [2012.08.20 15:35:00 | 000,140,613 | ---- | C] () -- C:\Users\Peter\Versicherung Allianz Yamaha.pdf [2012.08.20 15:34:47 | 000,325,894 | ---- | C] () -- C:\Users\Peter\Verkehrszulassung_FZ_2012.pdf [2012.08.20 15:34:02 | 000,647,885 | ---- | C] () -- C:\Users\Peter\dehnuebungen-2012-ebook-joggen-online.pdf [2012.08.20 15:06:28 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.20 15:06:28 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.16 00:27:48 | 000,552,960 | ---- | C] () -- C:\Windows\SysNative\drivers\bthport.sys [2012.08.15 18:06:02 | 003,148,800 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2012.06.19 23:11:23 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.06 19:26:50 | 000,000,057 | ---- | C] () -- C:\Windows\DcmLtbox-WS.ini [2012.04.05 21:39:55 | 000,006,144 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.13 14:26:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.10.23 11:22:26 | 000,000,177 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\default.rss [2011.10.23 11:22:26 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\downloads.m3u [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.14 07:26:20 | 001,795,286 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.12 16:07:34 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.09.12 16:07:34 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2011.09.12 15:49:11 | 001,390,002 | ---- | C] () -- C:\Users\Peter\ve_technics_sl-ql5_supp.pdf [2011.09.12 15:48:56 | 004,114,629 | ---- | C] () -- C:\Users\Peter\ve_technics_sl-ql5_service.pdf [2011.09.05 00:40:31 | 000,007,600 | ---- | C] () -- C:\Users\Peter\AppData\Local\Resmon.ResmonCfg [2011.09.05 00:29:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.04 21:23:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.09.04 21:23:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.04 19:03:51 | 000,037,548 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.09.04 18:50:24 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll [2011.09.04 18:47:05 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.09.04 18:47:02 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.09.04 18:45:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.09.04 18:45:09 | 000,025,177 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2012.07.09 18:20:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\EasyTax [2011.11.19 12:09:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech [2012.05.05 02:37:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Need for Speed World [2012.08.10 21:32:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Origin [2012.08.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\pdfforge [2012.07.11 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Research In Motion [2012.04.24 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TeamViewer [2011.11.06 00:32:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TS3Client [2011.11.06 00:03:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ts3overlay [2012.08.31 16:34:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > So, ich wart nun mal bis mir vielleicht Jemand einen Tip geben kann. 2. Problem, soeben erschienen?? Das Beste ist gerade jetzt noch passiert. Windows meldet mir, ich hätte kein Original Windows installiert, wobei das nicht stimmt und ich die Originlaverpackung mit der License hier liegen habe. Aber die Meldung kommt immer wieder. Grüsse und Besten Dank im voraus Peter So, ich wart nun mal bis mir vielleicht Jemand einen Tip geben kann. 2. Problem, soeben erschienen?? Das Beste ist gerade jetzt noch passiert. Windows meldet mir, ich hätte kein Original Windows installiert, wobei das nicht stimmt und ich die Originlaverpackung mit der License hier liegen habe. Aber die Meldung kommt immer wieder. Grüsse und Besten Dank im voraus Peter --------------------- Backdoor.Agent c:\windows\installer\{37e4d5fd-66a7-b066-4f9f-39fd2f67ee37}\syshost.exeAdware.Agent C:\Users\Peter\Downloads\PDFCreatorSetup.exeTrojan.Downloader c:\windows\syshost.exeSpyware.Agent c:\users\defaultapppool\appdata\local\temp\syshost.exeTrojan.Phex.THAGen6 C:\Users\Peter\AppData\Local\Temp\aumoulkdpjyk.exe |
01.09.2012, 03:12 | #2 |
/// Helfer-Team | Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer VorgehenDie Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL SRV:64bit: - [2012.08.30 14:51:24 | 000,085,952 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys -- (96e7915ff1485006) DRV:64bit: - [2012.08.30 14:51:24 | 000,085,952 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\96e7915ff1485006.sys -- (96e7915ff1485006) IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {3F0694B2-3D99-466c-9D68-441A71469390} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3F0694B2-3D99-466c-9D68-441A71469390}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\..\SearchScopes\{610550C2-CBF7-4462-89B9-5C6362507301}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found O4 - HKLM..\Run: [syshost32] C:\Windows\Installer\{37E4D5FD-66A7-B066-4F9F-39FD2F67EE37}\syshost.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 :Files C:\Users\Peter\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Peter\AppData\Local\Temp\*.exe C:\Users\Peter\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk %SystemRoot%\System32\*.tmp %SystemRoot%\SysWOW64\*.tmp ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
02.09.2012, 19:10 | #3 |
| Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer Vorgehen Hallo t'John
__________________Herzlichen Dank für Deine Hilfe. Leiderkonnte ich gestern plötzlich gar nichts mehr auf de mPC machen und habe mich dann entschlossen, alles neu aufzusetzen. Habe die Festplate mit "Daten-Shreder" gewiped und dann angefangen neu aufzusetzen. Bin nun in den ketzten Atemzügen und drum auch hier. Also, nochmals herzlichen Dank für Deine Mühe. Gruss, Peter |
02.09.2012, 20:25 | #4 |
/// Helfer-Team | Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer Vorgehen Gute Entscheidung Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
Themen zu Suisa Virus eingefangen, avast lässt sich nicht mehr starten, alles versucht ausser euer Vorgehen |
2.0.7, 7-zip, adware.agent, anti, avast, avira, backdoor.agent, daten wiederherstellen, diverse, entschlüsseln, free, helper, install.exe, kaspersky, langs, locker, malware, malwarebytes, neu, nvidia update, origin, plug-in, rechner, schutz, spyware.agent, starten, trojan.downloader, trojan.phex.thagen, trojan.phex.thagen6, update, virenschutz, windows, windows update |