Log analysis and evaluation: Trojan or virus or something else harmful? (Windows 7) If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
23.11.2012, 22:30 | #1 |
| Trojan or virus or something else harmful? Hello to all helping users, I have a "small", "big" problem (Help windows or Firefox tabs get opened). At irregular intervals the Windows Help and Support windows are opened, or alternatively Firefox tabs (last time 320 of them), which then load themselves to death. I have not yet been able to find any connection with any programs; sometimes it happens after waking from "energy-saving mode", sometimes just like that, then nothing again for a few days (with or without an internet connection, always different). Here are the logfiles from OTL. OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 22:04:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Masi\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,90 Gb Total Physical Memory | 13,45 Gb Available Physical Memory | 84,56% Memory free 31,80 Gb Paging File | 29,46 Gb Available in Paging File | 92,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 9,75 Gb Free Space | 13,09% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 259,87 Gb Free Space | 37,20% Space Free | Partition Type: NTFS Computer Name: MASI-01 | User Name: Masi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.23 21:56:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Masi\Desktop\OTL.exe PRC - [2012.11.15 15:50:05 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.23 06:43:32 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.04.23 06:43:15 | 002,458,944 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.04.23 06:42:58 | 000,362,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.04.23 06:42:57 | 000,276,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.04.23 06:42:56 | 000,162,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.12.19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 10:45:08 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8bb44e1dd221cada48308ce5f5d20561\IAStorUtil.ni.dll MOD - [2012.11.16 10:45:08 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0461c2bf4c5b235c0ca1d923c10d6849\IAStorCommon.ni.dll MOD 
- [2012.11.15 17:25:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.15 17:25:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.15 17:25:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.15 17:25:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.15 17:25:00 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.15 17:24:58 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.15 17:24:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.15 17:24:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.04.23 06:43:15 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft 
Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.23 21:23:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.15 15:50:06 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.11.08 19:51:50 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.04.23 06:43:34 | 002,429,544 | R--- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.04.23 06:43:15 | 002,458,944 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.04.23 06:42:58 | 000,362,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.04.23 06:42:57 | 000,276,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.04.23 06:42:56 | 000,162,648 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.22 15:07:28 | 000,492,032 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- 
(IAStorDataMgrSvc) SRV - [2012.01.17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.12.19 19:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.12.19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.15 15:50:18 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.15 15:50:18 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.08 20:47:39 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.04.23 06:43:34 | 000,340,072 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.04.23 06:43:33 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.04.23 06:43:32 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.04.23 06:43:32 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.04.23 06:43:30 | 000,143,144 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.04.23 06:43:15 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.04.23 06:43:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 15:08:32 | 000,075,880 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf) DRV:64bit: - [2012.02.22 15:08:30 | 000,159,848 | ---- | M] (Qualcomm Atheros, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (L1C) DRV:64bit: - [2012.02.20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.14 14:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2011.12.13 11:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.12.13 11:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.07.14 02:52:20 | 
000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.24 16:40:02 | 000,113,792 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{F7315587-928E-455E-9F97-123A7366B32B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=204c19c7-ab1f-4f3d-b736-07deb40e5859&apn_sauid=FC4AE1DC-EB12-4EAA-B988-CDB0AFF97601 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: 
"Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=204c19c7-ab1f-4f3d-b736-07deb40e5859&apn_ptnrs=%5EAGS&apn_sauid=FC4AE1DC-EB12-4EAA-B988-CDB0AFF97601&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 21:23:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.08 19:07:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.08 19:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Masi\AppData\Roaming\mozilla\Extensions [2012.11.08 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.23 21:23:26 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer 
Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot 
Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BBE34B7-8F4D-492A-B51F-5D6243E3D20C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF63013-3511-47EB-B2A0-96FA023EB23A}: DhcpNameServer = 192.168.43.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 21:56:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Masi\Desktop\OTL.exe [2012.11.23 21:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.11.23 13:25:00 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Malwarebytes [2012.11.23 13:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.23 13:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.23 13:24:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.23 13:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.16 13:46:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.15 16:21:11 | 000,000,000 | ---D | C] -- C:\rsit [2012.11.14 15:27:44 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Adobe [2012.11.14 15:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.11.14 15:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.13 23:03:47 | 000,000,000 | ---D | C] -- 
C:\Users\Masi\AppData\Local\ElevatedDiagnostics [2012.11.13 23:03:44 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Diagnostics [2012.11.13 15:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.13 15:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.12 16:01:14 | 000,113,792 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\qcusbser.sys [2012.11.12 16:01:14 | 000,103,424 | ---- | C] (Thesycon GmbH) -- C:\Windows\SysWow64\MyDIT_GenClassCoInst.dll [2012.11.12 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSDPA USB Modem [2012.11.12 16:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HSDPA USB Modem [2012.11.12 15:48:52 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\vlc [2012.11.11 09:47:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.11.11 09:37:30 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.11.11 09:37:16 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.11.11 09:35:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.11.10 10:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.10 10:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.10 10:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.08 21:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.11.08 21:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2012.11.08 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\WinRAR [2012.11.08 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.08 21:03:24 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.11.08 21:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.11.08 21:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.08 21:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.11.08 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Masi\Application Data [2012.11.08 20:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.11.08 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.11.08 20:55:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.11.08 20:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.11.08 20:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.11.08 20:52:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent [2012.11.08 20:52:43 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software [2012.11.08 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent [2012.11.08 20:52:41 | 000,000,000 | ---D | C] -- C:\Users\Masi\Documents\Tencent Files [2012.11.08 20:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent [2012.11.08 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Tencent [2012.11.08 20:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.11.08 20:47:39 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.11.08 20:47:37 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\DAEMON Tools Lite [2012.11.08 20:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.11.08 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.11.08 20:33:52 | 000,000,000 | ---D | C] -- 
C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.11.08 19:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.11.08 19:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.11.08 19:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.11.08 19:22:22 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Macromedia [2012.11.08 19:22:22 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Macromedia [2012.11.08 19:22:22 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Adobe [2012.11.08 19:22:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.11.08 19:22:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.11.08 19:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.11.08 19:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.08 19:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.08 19:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.11.08 19:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.08 19:07:55 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Thunderbird [2012.11.08 19:07:55 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Thunderbird [2012.11.08 19:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.11.08 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Mozilla [2012.11.08 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Mozilla [2012.11.08 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.08 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.08 19:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla 
[2012.11.08 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Avira [2012.11.08 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\DoNotTrackPlus [2012.11.08 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\AskToolbar [2012.11.08 18:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.11.08 18:55:31 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.08 18:55:31 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.08 18:55:31 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.08 18:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.08 18:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.08 18:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Home Theater v4 [2012.11.08 18:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [2012.11.08 18:31:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\WLANProfiles [2012.11.08 18:31:38 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Intel [2012.11.08 18:31:32 | 000,000,000 | ---D | C] -- C:\Users\Masi\Roaming [2012.11.08 18:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming [2012.11.08 18:30:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012.11.08 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.11.08 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel.sav [2012.11.08 18:28:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda [2012.11.08 18:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2012.11.08 18:27:33 | 005,018,408 | ---- | C] (ELAN Microelectronics Corp.) 
-- C:\Windows\SysNative\ETDUI.cpl [2012.11.08 18:27:33 | 000,143,144 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys [2012.11.08 18:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2012.11.08 18:26:31 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Intel Corporation [2012.11.08 18:24:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2012.11.08 18:24:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2012.11.08 18:23:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.11.08 18:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.11.08 18:22:56 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.11.08 18:22:56 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.11.08 18:22:56 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.11.08 18:22:56 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.11.08 18:22:56 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.11.08 18:22:55 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.11.08 18:22:55 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.11.08 18:22:55 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012.11.08 18:22:55 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.11.08 18:22:52 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.11.08 18:22:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.11.08 18:22:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.11.08 18:22:52 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2012.11.08 18:22:52 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.11.08 18:22:52 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.11.08 18:22:49 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.11.08 18:22:49 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll [2012.11.08 18:22:49 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.11.08 18:22:49 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.11.08 18:22:49 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.11.08 18:22:49 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.11.08 18:22:49 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.11.08 18:22:48 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.11.08 18:22:48 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.11.08 18:22:48 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.11.08 18:22:48 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.11.08 18:22:48 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.11.08 18:22:45 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.11.08 18:22:45 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.11.08 18:22:45 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.11.08 18:22:45 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.11.08 18:22:45 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.11.08 18:22:45 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.11.08 18:22:45 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.11.08 18:22:44 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.11.08 18:22:44 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.11.08 18:22:44 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.11.08 18:22:44 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.11.08 18:22:44 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.11.08 18:22:44 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.11.08 18:22:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.11.08 18:22:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.11.08 18:22:44 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.11.08 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.08 18:22:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.11.08 18:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.11.08 18:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.08 18:21:44 | 000,000,000 | ---D | C] -- 
C:\ProgramData\NVIDIA Corporation [2012.11.08 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.08 18:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.11.08 18:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.11.08 18:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2012.11.08 18:19:45 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.08 18:19:45 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.08 18:18:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2012.11.08 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\InstallShield [2012.11.08 18:16:51 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.11.08 18:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.11.08 18:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.11.08 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2012.11.08 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.11.08 18:15:24 | 000,000,000 | ---D | C] -- C:\Intel [2012.11.08 18:14:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.11.08 18:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros [2012.11.08 18:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Bigfoot Networks [2012.11.08 18:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros [2012.11.08 18:14:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.08 18:11:45 | 000,000,000 | R--D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.08 18:11:45 | 000,000,000 | R--D | C] -- C:\Users\Masi\Searches [2012.11.08 18:11:45 | 
000,000,000 | R--D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.08 18:11:39 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Identities [2012.11.08 18:11:38 | 000,000,000 | R--D | C] -- C:\Users\Masi\Contacts [2012.11.08 18:11:37 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\VirtualStore [2012.11.08 18:11:33 | 000,000,000 | --SD | C] -- C:\Users\Masi\AppData\Roaming\Microsoft [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Videos [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Saved Games [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Pictures [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Music [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Links [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Favorites [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Downloads [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Documents [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\Desktop [2012.11.08 18:11:33 | 000,000,000 | R--D | C] -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Vorlagen [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\AppData\Local\Verlauf [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\AppData\Local\Temporary Internet Files [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Startmenü [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\SendTo [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Recent [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Netzwerkumgebung [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- 
C:\Users\Masi\Lokale Einstellungen [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Documents\Eigene Videos [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Documents\Eigene Musik [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Eigene Dateien [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Documents\Eigene Bilder [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Druckumgebung [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Cookies [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\AppData\Local\Anwendungsdaten [2012.11.08 18:11:33 | 000,000,000 | -HSD | C] -- C:\Users\Masi\Anwendungsdaten [2012.11.08 18:11:33 | 000,000,000 | -H-D | C] -- C:\Users\Masi\AppData [2012.11.08 18:11:33 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Temp [2012.11.08 18:11:33 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Local\Microsoft [2012.11.08 18:11:33 | 000,000,000 | ---D | C] -- C:\Users\Masi\AppData\Roaming\Media Center Programs [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.08 18:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2012.11.08 18:09:33 
| 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.08 18:09:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.08 18:06:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.08 18:06:46 | 000,000,000 | ---D | C] -- C:\Windows\CSC ========== Files - Modified Within 30 Days ========== [2012.11.23 22:02:39 | 000,000,168 | ---- | M] () -- C:\Users\Masi\defogger_reenable [2012.11.23 21:56:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Masi\Desktop\OTL.exe [2012.11.23 21:56:23 | 000,050,477 | ---- | M] () -- C:\Users\Masi\Desktop\Defogger.exe [2012.11.23 21:40:05 | 000,010,410 | ---- | M] () -- C:\Users\Masi\Documents\hijackthis2 [2012.11.23 21:19:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.23 13:24:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.23 13:14:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.23 13:14:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.23 13:14:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.23 13:14:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.23 13:14:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.23 13:13:51 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 13:13:51 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 13:08:42 | 4213,768,190 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 17:17:57 | 000,287,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.15 16:17:17 | 000,880,274 | ---- | M] () -- C:\Users\Masi\AppData\Local\census.cache [2012.11.15 16:17:10 | 000,100,253 | ---- | M] () -- C:\Users\Masi\AppData\Local\ars.cache [2012.11.15 16:11:48 | 
000,000,036 | ---- | M] () -- C:\Users\Masi\AppData\Local\housecall.guid.cache [2012.11.15 15:50:18 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.15 15:50:18 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.14 15:24:55 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.13 17:16:29 | 000,000,222 | ---- | M] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II.url [2012.11.13 17:16:29 | 000,000,222 | ---- | M] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 17:16:29 | 000,000,222 | ---- | M] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.13 15:52:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.12 16:01:14 | 000,001,065 | ---- | M] () -- C:\Users\Masi\Desktop\USB Modem.lnk [2012.11.09 14:37:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.09 14:37:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.08 21:03:55 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.11.08 21:03:07 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.08 20:57:00 | 000,002,703 | ---- | M] () -- C:\Users\Masi\Desktop\Microsoft Office Word 2003.lnk [2012.11.08 20:56:55 | 000,002,735 | ---- | M] () -- C:\Users\Masi\Desktop\Microsoft Office Excel 2003.lnk [2012.11.08 20:55:34 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2012.11.08 20:52:44 | 000,002,243 | ---- | M] () -- C:\Users\Masi\Desktop\Tencent QQ.lnk [2012.11.08 20:52:26 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2012.11.08 20:51:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.08 20:48:02 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.11.08 
20:47:39 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.11.08 20:33:52 | 000,000,221 | ---- | M] () -- C:\Users\Masi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2012.11.08 19:04:46 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.08 18:35:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf [2012.11.08 18:35:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf [2012.11.08 18:32:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.11.08 18:28:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2012.11.08 18:24:22 | 000,019,580 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.11.08 18:14:46 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk [2012.11.08 18:07:32 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.08 18:07:32 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2012.11.23 22:02:39 | 000,000,168 | ---- | C] () -- C:\Users\Masi\defogger_reenable [2012.11.23 21:56:22 | 000,050,477 | ---- | C] () -- C:\Users\Masi\Desktop\Defogger.exe [2012.11.23 21:40:05 | 000,010,410 | ---- | C] () -- C:\Users\Masi\Documents\hijackthis2 [2012.11.23 13:24:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 16:54:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 16:46:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 16:17:17 | 000,880,274 | ---- | C] () -- C:\Users\Masi\AppData\Local\census.cache [2012.11.15 16:17:10 | 000,100,253 | ---- | C] () -- C:\Users\Masi\AppData\Local\ars.cache 
[2012.11.15 16:11:48 | 000,000,036 | ---- | C] () -- C:\Users\Masi\AppData\Local\housecall.guid.cache [2012.11.14 15:24:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.14 15:24:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.13 17:16:29 | 000,000,222 | ---- | C] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II.url [2012.11.13 17:16:29 | 000,000,222 | ---- | C] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II - Zombies.url [2012.11.13 17:16:29 | 000,000,222 | ---- | C] () -- C:\Users\Masi\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.11.13 15:52:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.12 16:01:14 | 000,001,065 | ---- | C] () -- C:\Users\Masi\Desktop\USB Modem.lnk [2012.11.11 09:37:38 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.11.11 09:37:30 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.11.11 09:37:20 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2012.11.11 09:37:18 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2012.11.11 09:37:18 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.11.11 09:37:17 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.11.11 09:37:17 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.11.09 14:37:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.09 14:37:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.08 21:03:55 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012.11.08 21:03:07 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.08 20:57:00 | 000,002,703 | ---- | C] () -- C:\Users\Masi\Desktop\Microsoft Office Word 2003.lnk [2012.11.08 20:56:55 | 000,002,735 | ---- | C] () -- 
C:\Users\Masi\Desktop\Microsoft Office Excel 2003.lnk [2012.11.08 20:55:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.11.08 20:52:44 | 000,002,243 | ---- | C] () -- C:\Users\Masi\Desktop\Tencent QQ.lnk [2012.11.08 20:52:26 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2012.11.08 20:51:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.08 20:48:02 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.11.08 20:33:52 | 000,000,221 | ---- | C] () -- C:\Users\Masi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2012.11.08 19:07:52 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.11.08 19:04:46 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.08 19:04:46 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.08 18:35:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf [2012.11.08 18:35:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf [2012.11.08 18:32:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.11.08 18:28:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2012.11.08 18:24:22 | 000,019,580 | ---- | C] () -- C:\Windows\SysNative\results.xml [2012.11.08 18:22:52 | 000,202,904 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.11.08 18:21:51 | 002,487,744 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.11.08 18:21:39 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.08 18:19:45 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2012.11.08 18:19:45 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.11.08 18:19:45 | 
000,735,796 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin [2012.11.08 18:19:45 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.11.08 18:19:45 | 000,561,508 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin [2012.11.08 18:19:45 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2012.11.08 18:19:45 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2012.11.08 18:19:45 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2012.11.08 18:19:45 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2012.11.08 18:19:45 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp [2012.11.08 18:19:45 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp [2012.11.08 18:19:45 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp [2012.11.08 18:15:57 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2012.11.08 18:14:46 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk [2012.11.08 18:11:48 | 000,001,409 | ---- | C] () -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.08 18:11:46 | 000,001,443 | ---- | C] () -- C:\Users\Masi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.08 18:06:42 | 4213,768,190 | -HS- | C] () -- C:\hiberfil.sys [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.13 15:54:26 | 000,000,000 | ---D | M] -- C:\Users\Masi\AppData\Roaming\DAEMON Tools Lite [2012.11.08 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Masi\AppData\Roaming\Tencent [2012.11.08 
19:07:55 | 000,000,000 | ---D | M] -- C:\Users\Masi\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report >
and here is the Extras file OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 22:04:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Masi\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,90 Gb Total Physical Memory | 13,45 Gb Available Physical Memory | 84,56% Memory free 31,80 Gb Paging File | 29,46 Gb Available in Paging File | 92,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 9,75 Gb Free Space | 13,09% Space Free | Partition Type: NTFS Drive D: | 698,63 Gb Total Space | 259,87 Gb Free Space | 37,20% Space Free | Partition Type: NTFS Computer Name: MASI-01 | User Name: Masi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024A6E9B-D9D3-4673-B290-605FE386E205}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{07EECE55-5FBC-4EF9-A6D9-E44FBE1576F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0C4219F5-7279-4550-8C0B-CD85AD55B8A5}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | "{0FFB0488-7256-4B11-92BF-889B95E00F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{121A1439-5F67-4B54-9487-4E538DABFBD8}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{1BA27DDA-5FED-4A79-BE93-B6746F9E7819}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{1E93798B-814D-4660-95CC-BD9342404FD5}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe | "{1EFB82AA-0D85-4CA4-BAC7-611C372FA9B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{48A50637-1ECB-4077-9464-6DE5503F1C0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{4A95A141-CE55-4F54-8A31-408A3DE6191F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{52B735D4-67B6-4C03-8ED3-E3D80A543C69}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe | "{77395009-B7F1-46A1-9444-AE03C7A1459C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{7B6B58B0-4C64-40A1-8BBB-E058095B1563}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe | "{7B8D5F47-97CD-49C8-BA5D-8EF91289C57B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of 
duty black ops ii\t6mp.exe | "{84F14710-98B9-443D-8C31-4451737F1ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{9355AA0F-FDA9-4675-A1BF-5FF4EC2E8142}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{AB88809F-B4EF-46B0-98D4-1BF00ED7CF70}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | "{BFD0D70A-0AD8-4E1C-AA09-1301391CA9D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{CBB29B15-7F62-4E49-8FA4-FCAD494EE2AB}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | "{DD33E6AF-C95C-4577-AF49-088282AB5166}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{E29B251E-F733-40B7-A6E7-454B9D5749BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{E2E1DFC1-119E-45B9-A70E-566785427D91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{E61D8955-27AF-438E-9335-3CE2CC97B691}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.5.7_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "ProInst" = Intel PROSet Wireless "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "HSDPA USB Modem Normal Version_is1" = HSDPA USB Modem version 4.752 "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.11.2012 04:51:22 | Computer Name = Masi-01 | Source = ESENT | ID = 215 Description = WinMail (3920) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client 
angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 11.11.2012 04:51:25 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.11.2012 10:50:38 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.11.2012 10:01:41 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.11.2012 10:04:00 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 13.11.2012 10:19:22 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.11.2012 10:25:05 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.11.2012 11:24:36 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.11.2012 08:48:10 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 16.11.2012 08:48:27 | Computer Name = Masi-01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 18.11.2012 16:42:39 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 19.11.2012 23:42:04 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 19.11.2012 23:43:23 | Computer Name = Masi-01 | Source = DCOM | ID = 10005 Description = Error - 19.11.2012 23:43:23 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 20.11.2012 10:22:58 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 20.11.2012 10:25:50 | Computer Name = Masi-01 | Source = DCOM | ID = 10005 Description = Error - 20.11.2012 10:25:50 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde: %%1058 Error - 21.11.2012 09:11:29 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.11.2012 09:11:49 | Computer Name = Masi-01 | Source = DCOM | ID = 10005 Description = Error - 21.11.2012 09:11:49 | Computer Name = Masi-01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Bluetooth OBEX Service" ist vom Dienst "Bluetooth-Unterstützungsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report >
Edited by Masi1711 (23.11.2012 at 22:37) |
26.11.2012, 11:48 | #2 |
/// the machine /// TB-Ausbilder | Trojan or virus or something else harmful? Hi,
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________ |
27.11.2012, 12:04 | #3 |
| Trojan or virus or something else harmful? Hi
Sorry, it took a little longer, but here is the log now. Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-27 11:53:58 ----------------------------- 11:53:58.122 OS Version: Windows x64 6.1.7601 Service Pack 1 11:53:58.122 Number of processors: 8 586 0x3A09 11:53:58.122 ComputerName: MASI-01 UserName: Masi 11:53:58.231 Initialize success 11:59:19.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 11:59:19.338 Disk 0 Vendor: INTEL_SS 4PC1 Size: 76319MB BusType: 3 11:59:19.338 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 11:59:19.338 Disk 1 Vendor: ST975042 0001 Size: 715404MB BusType: 3 11:59:19.338 Disk 0 MBR read successfully 11:59:19.338 Disk 0 MBR scan 11:59:19.354 Disk 0 Windows 7 default MBR code 11:59:19.354 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 11:59:19.354 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848 11:59:19.354 Disk 0 scanning C:\Windows\system32\drivers 11:59:20.383 Service scanning 11:59:22.942 Modules scanning 11:59:22.942 Disk 0 trace - called modules: 11:59:22.957 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 11:59:22.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d3a1790] 11:59:22.973 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800cf629f0] 11:59:22.973 5 ACPI.sys[fffff88000f9d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cf65050] 11:59:22.973 Scan finished successfully 11:59:37.949 Disk 0 MBR has been saved successfully to "C:\Users\Masi\Desktop\MBR.dat" 11:59:37.964 The log file has been saved successfully to "C:\Users\Masi\Desktop\aswMBR1.txt" |
27.11.2012, 13:08 | #4 | |
/// the machine /// TB-Ausbilder | Trojan or virus or something else harmful?
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.11.2012, 14:31 | #5 |
| Trojan or virus or something else harmful? A bit faster this time, and many, many thanks already for your help. Combofix Logfile: Code:
ATTFilter ComboFix 12-11-27.01 - Masi 27.11.2012 14:24:21.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16281.14285 [GMT 1:00] ausgeführt von:: c:\users\Masi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-27 bis 2012-11-27 )))))))))))))))))))))))))))))) . . 2012-11-27 13:26 . 2012-11-27 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 20:27 . 2012-11-23 20:30 -------- d-----w- c:\programdata\SecTaskMan 2012-11-23 12:24 . 2012-11-23 12:24 -------- d-----w- c:\programdata\Malwarebytes 2012-11-23 12:24 . 2012-11-23 12:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-23 12:24 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-15 16:21 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-11-15 16:21 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-11-15 16:21 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-15 16:21 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-11-15 16:21 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-11-15 16:21 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-11-15 16:21 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-11-15 16:21 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-11-15 16:21 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-11-15 16:21 . 
2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-11-15 16:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-11-15 16:19 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-15 16:19 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-15 16:19 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-15 15:54 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-11-15 15:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 15:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 15:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 15:47 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-15 15:46 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 15:46 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 15:46 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 15:46 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 15:46 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 15:46 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 15:46 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 15:36 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 15:36 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-15 15:21 . 2012-11-15 15:21 -------- d-----w- C:\rsit 2012-11-14 14:24 . 2012-11-14 14:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-11-13 14:52 . 2012-11-13 14:52 -------- d-----w- c:\program files\CCleaner 2012-11-12 15:01 . 2008-03-24 15:40 113792 ----a-w- c:\windows\system32\drivers\qcusbser.sys 2012-11-12 15:01 . 
2007-11-01 14:35 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll 2012-11-12 15:01 . 2012-11-12 15:01 -------- d-----w- c:\program files (x86)\HSDPA USB Modem 2012-11-11 08:47 . 2012-11-11 08:47 -------- d-----w- c:\windows\system32\SPReview 2012-11-11 08:41 . 2010-11-20 04:00 2560 ----a-w- c:\windows\system32\drivers\de-DE\rdpwd.sys.mui 2012-11-11 08:41 . 2010-11-20 03:59 6656 ----a-w- c:\windows\system32\drivers\de-DE\rdvgkmd.sys.mui 2012-11-11 08:41 . 2010-11-20 04:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui 2012-11-11 08:41 . 2010-11-20 04:01 4608 ----a-w- c:\windows\system32\drivers\de-DE\tsusbhub.sys.mui 2012-11-11 08:41 . 2010-11-20 04:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui 2012-11-11 08:41 . 2010-11-20 04:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui 2012-11-11 08:35 . 2012-11-11 08:35 -------- d-----w- c:\windows\system32\EventProviders 2012-11-10 09:24 . 2012-11-10 09:24 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-11-10 09:24 . 2012-11-10 09:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-10 09:24 . 2012-11-10 09:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-10 09:24 . 2012-11-10 09:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-10 09:24 . 2012-11-10 09:24 -------- d-----w- c:\program files (x86)\Java 2012-11-09 14:23 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-11-09 14:04 . 2012-11-09 14:04 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-11-09 14:04 . 2012-11-09 14:04 -------- d-----w- c:\windows\system32\wbem\en-US 2012-11-09 13:39 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-11-09 13:31 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-11-09 13:31 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-11-09 13:31 . 
2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-11-09 13:31 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-11-09 13:31 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-11-09 04:29 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-11-09 04:28 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-11-09 04:27 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2012-11-09 04:26 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-11-09 04:26 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-11-09 04:26 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-11-09 04:26 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-11-09 04:26 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-11-09 04:26 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-11-09 04:26 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-11-09 04:26 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-11-09 04:26 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-11-09 04:26 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-11-08 20:03 . 2012-11-08 20:03 -------- d-----w- c:\program files\TeamSpeak 3 Client 2012-11-08 20:03 . 2012-11-08 20:03 -------- d-----w- c:\program files\WinRAR 2012-11-08 20:03 . 2012-11-08 20:03 -------- d-----w- c:\program files\VideoLAN 2012-11-08 19:55 . 2012-11-10 08:39 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-11-08 19:55 . 2012-11-08 19:55 -------- d-----w- c:\windows\PCHEALTH 2012-11-08 19:52 . 2012-11-08 19:52 -------- d-----w- c:\program files (x86)\Common Files\Tencent 2012-11-08 19:52 . 2012-11-08 19:52 -------- d-----w- c:\program files (x86)\Tencent 2012-11-08 19:52 . 
2012-11-08 19:52 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll 2012-11-08 19:47 . 2012-11-08 19:47 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-11-08 19:47 . 2012-11-08 19:47 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2012-11-08 19:46 . 2012-11-08 19:53 -------- d-----w- c:\programdata\DAEMON Tools Lite 2012-11-08 18:51 . 2012-11-27 10:46 -------- d-----w- c:\program files (x86)\Steam 2012-11-08 18:51 . 2012-11-08 18:56 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-11-08 18:22 . 2012-11-08 18:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-08 18:22 . 2012-11-08 18:22 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-08 18:22 . 2012-11-08 18:22 -------- d-----w- c:\windows\SysWow64\Macromed 2012-11-08 18:22 . 2012-11-08 18:22 -------- d-----w- c:\windows\system32\Macromed 2012-11-08 18:15 . 2012-11-21 15:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-08 18:15 . 2012-11-08 18:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-11-08 18:07 . 2012-11-08 18:07 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-11-08 18:04 . 2012-11-23 20:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-11-08 17:55 . 2012-11-08 17:55 -------- d-----w- c:\program files (x86)\Ask.com 2012-11-08 17:55 . 2012-11-15 14:50 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-08 17:55 . 2012-11-15 14:50 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-08 17:55 . 2012-09-24 08:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-08 17:55 . 2012-11-08 17:56 -------- d-----w- c:\programdata\Avira 2012-11-08 17:55 . 2012-11-08 17:55 -------- d-----w- c:\program files (x86)\Avira 2012-11-08 17:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-11-08 17:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-11-08 17:54 . 
2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-11-08 17:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-11-08 17:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-11-08 17:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-11-08 17:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-11-08 17:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-11-08 17:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-11-08 17:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-11-08 17:51 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-11-08 17:51 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\program files (x86)\Dolby Home Theater v4 2012-11-08 17:31 . 2012-11-08 17:31 -------- d--h--w- c:\windows\system32\WLANProfiles 2012-11-08 17:31 . 2012-11-08 17:31 -------- d-----w- c:\users\Public\Roaming 2012-11-08 17:31 . 2012-11-08 17:31 -------- d-----w- c:\users\Default\Roaming 2012-11-08 17:30 . 2012-11-08 17:30 -------- d-----w- c:\program files (x86)\Cisco 2012-11-08 17:28 . 2012-11-08 17:28 -------- d-----w- c:\windows\SysWow64\sda 2012-11-08 17:28 . 2012-04-23 05:43 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll 2012-11-08 17:28 . 2012-04-23 05:43 340072 ----a-r- c:\windows\system32\drivers\RtsPStor.sys 2012-11-08 17:28 . 2012-04-23 05:43 16152 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys 2012-11-08 17:28 . 2012-04-23 05:43 788760 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys 2012-11-08 17:28 . 2012-04-23 05:43 356120 ----a-w- c:\windows\system32\drivers\iusb3hub.sys 2012-11-08 17:27 . 2012-11-08 17:27 -------- d-----w- c:\program files\Elantech . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-11 08:45 . 
2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-11-11 08:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-10-29 20:04 . 2009-10-14 05:12 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-10 01:22 . 2012-10-10 01:22 80384 ----a-w- c:\windows\system32\igdde64.dll 2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2012-10-10 01:22 . 2012-10-10 01:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll 2012-10-10 01:22 . 2012-10-10 01:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll 2012-10-10 01:22 . 2012-10-10 01:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll 2012-10-10 01:22 . 2012-10-10 01:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2012-10-10 01:22 . 2012-10-10 01:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2012-10-10 01:22 . 2012-10-10 01:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll 2012-10-10 01:22 . 2012-10-10 01:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll 2012-10-10 01:22 . 2012-10-10 01:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll 2012-10-10 01:22 . 2012-10-10 01:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2012-10-10 01:22 . 2012-10-10 01:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc 2012-10-10 01:22 . 2012-10-10 01:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll 2012-10-10 01:22 . 2012-10-10 01:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll 2012-10-10 01:22 . 2012-10-10 01:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin 2012-10-10 01:22 . 2012-10-10 01:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2012-10-10 01:22 . 2012-10-10 01:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll 2012-10-10 01:22 . 2012-10-10 01:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll 2012-10-10 01:22 . 
2012-10-10 01:22 441888 ----a-w- c:\windows\system32\igfxpers.exe 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2012-10-10 01:22 . 2012-10-10 01:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll 2012-10-10 01:22 . 2012-10-10 01:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2012-10-10 01:22 . 2012-10-10 01:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2012-10-10 01:22 . 2012-10-10 01:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll 2012-10-10 01:22 . 2012-10-10 01:22 441856 ----a-w- c:\windows\system32\igfxdev.dll 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2012-10-10 01:22 . 2012-10-10 01:22 399392 ----a-w- c:\windows\system32\hkcmd.exe 2012-10-10 01:22 . 2012-10-10 01:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll 2012-10-10 01:22 . 2012-10-10 01:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll 2012-10-10 01:22 . 2012-10-10 01:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2012-10-10 01:22 . 2012-10-10 01:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll 2012-10-10 01:22 . 2012-10-10 01:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2012-10-10 01:22 . 2012-10-10 01:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll 2012-10-10 01:22 . 2012-10-10 01:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2012-10-10 01:22 . 2012-10-10 01:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2012-10-10 01:22 . 2012-10-10 01:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll 2012-10-10 01:22 . 
2012-10-10 01:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2012-10-10 01:22 . 2012-10-10 01:22 185376 ----a-w- c:\windows\system32\difx64.exe 2012-10-10 01:22 . 2012-10-10 01:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll 2012-10-10 01:22 . 2012-10-10 01:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2012-10-10 01:22 . 2012-10-10 01:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2012-10-10 01:22 . 2012-10-10 01:22 171040 ----a-w- c:\windows\system32\igfxtray.exe 2012-10-10 01:22 . 2012-10-10 01:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2012-10-10 01:22 . 2012-10-10 01:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll 2012-10-10 01:22 . 2012-10-10 01:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe 2012-10-10 01:22 . 2012-10-10 01:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2012-10-10 01:22 . 2012-10-10 01:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2012-10-10 01:22 . 2012-10-10 01:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc 2012-10-10 01:22 . 2012-10-10 01:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll 2012-10-10 01:22 . 2012-10-10 01:22 142336 ----a-w- c:\windows\system32\igfxdo.dll 2012-10-10 01:22 . 2012-10-10 01:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll 2012-10-10 01:22 . 2012-10-10 01:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll 2012-10-10 01:22 . 2012-10-10 01:22 386048 ----a-w- c:\windows\system32\igfxpph.dll 2012-10-10 01:22 . 2012-10-10 01:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll 2012-10-10 01:22 . 
2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc 2012-10-10 01:22 . 2012-10-10 01:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2012-10-10 01:22 . 2012-10-10 01:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2012-10-10 01:22 . 2012-10-10 01:22 28672 ----a-w- c:\windows\system32\igfxexps.dll 2012-10-10 01:22 . 2012-10-10 01:22 252448 ----a-w- c:\windows\system32\igfxext.exe 2012-10-10 01:22 . 2012-10-10 01:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2012-10-10 01:22 . 2012-10-10 01:22 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin 2012-10-10 01:22 . 2012-10-10 01:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-11-08 1353080] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-23 291608] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-12-20 507744] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-15 384800] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008] R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168] R3 qcusbser;Mobile Connector;c:\windows\system32\DRIVERS\qcusbser.sys [2008-03-24 113792] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-11-15 561952] R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096] R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912] R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208] R4 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-02-22 
492032] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-04-23 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-04-23 28992] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-02-22 75880] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 283200] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 84256] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-04-23 2429544] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-04-23 162648] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-04-23 362840] S2 
ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-23 143144] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-04-23 331264] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-04-23 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-04-23 788760] S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys [2012-02-22 159848] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-04-23 340072] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-23 13374568] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-04-23 2277992] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-19 11406608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\BfLLR.dll TCP: DhcpNameServer = 192.168.43.1 FF - ProfilePath - c:\users\Masi\AppData\Roaming\Mozilla\Firefox\Profiles\tnkacivv.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=204c19c7-ab1f-4f3d-b736-07deb40e5859&apn_ptnrs=%5EAGS&apn_sauid=FC4AE1DC-EB12-4EAA-B988-CDB0AFF97601&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-27 14:27:46 ComboFix-quarantined-files.txt 2012-11-27 13:27 . Vor Suchlauf: 9.620.832.256 Bytes frei Nach Suchlauf: 9.292.427.264 Bytes frei . - - End Of File - - 34023C171B77DF883268A1D2D40927AF |
27.11.2012, 14:37 | #6 |
/// the machine /// TB-Ausbilder | Hi, please download AdwCleaner to your desktop.
Please update Malwarebytes, run a Quick Scan, have the findings deleted, and post the log. ESET Online Scanner
And a fresh OTL log, please. How is the computer running?
27.11.2012, 17:36 | #7 |
| So, here is the AdwCleaner log Code:
ATTFilter # AdwCleaner v2.009 - Datei am 27/11/2012 um 16:12:03 erstellt # Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Masi - MASI-01 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Masi\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Users\Masi\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Masi\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\TENCENT Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\Software\TENCENT Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0 (de) Profilname : default Datei : C:\Users\Masi\AppData\Roaming\Mozilla\Firefox\Profiles\tnkacivv.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...] ************************* AdwCleaner[S1].txt - [3606 octets] - [27/11/2012 16:12:03] ########## EOF - C:\AdwCleaner[S1].txt - [3666 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Masi :: MASI-01 [Administrator] Schutz: Aktiviert 27.11.2012 16:21:49 mbam-log-2012-11-27 (16-21-49).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225060 Laufzeit: 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c2e22dcdbc87b744ae0fab7c10f712af # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-27 03:28:17 # local_time=2012-11-27 04:28:17 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 1636367 1636367 0 0 # compatibility_mode=5893 16776574 100 94 1409959 105659947 0 0 # compatibility_mode=8192 67108863 100 0 3662 3662 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0

For the OTL scan I am told that it has too many characters (even if I try to post it on its own). Should I pack it into an archive? Edited by Masi1711 (27.11.2012 at 17:43). Reason: OTL scan missing |
27.11.2012, 18:26 | #8 |
| Here is the OTL scan |
27.11.2012, 19:25 | #9 |
/// the machine /// TB-Ausbilder | Hi, the log is clean. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.11.2012, 01:25 | #10 |
| So far it is running cleanly. I will test it again tomorrow, or rather today during the day, and then report back again. Thanks again for your help |
28.11.2012, 07:55 | #11 |
/// the machine /// TB-Ausbilder | All right
29.11.2012, 18:16 | #12 |
| So, I have now tested everything, or rather kept using it normally, and I have bad news: the "error" is not really fixed yet. Is it actually a virus or something like that, or is it "only" a damaged Windows installation? If so, can't the help options be suppressed somehow? |
30.11.2012, 08:14 | #13 |
/// the machine /// TB-Ausbilder | Please define once more exactly what the error is, and maybe take a screenshot as well.
30.11.2012, 08:59 | #14 |
| OK, so the laptop is in sleep mode or is booted up; all fine so far. Then, for example, an external mouse, or just Steam, is started; up to here everything is still OK. After about another 30 minutes it starts: the Help and Support window opens, and/or the help windows of the respective programs are opened. Alternatively, Firefox is opened with hundreds of tabs that load endlessly. The help windows and Firefox can then only be closed by ending the process tree, not otherwise, and every time helpane.exe is running. A screenshot will follow tonight when I am home. |
30.11.2012, 09:29 | #15 |
/// the machine /// TB-Ausbilder | OK