Log-Analyse und Auswertung: user/**/documents/services/svchost.exe - ja ne, ist klarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.02.2013, 16:10 | #1
user/**/documents/services/svchost.exe - yeah right, sure

Hi, today Avira reported that a malicious file had been detected under C:/User/***/Documents/Windows/winsvchost.exe. The damn thing kept deleting itself and reappearing, so a scan via VirusTotal was neither possible nor really useful - the matter is actually clear. Under C:/User/***/Documents/Services/ there is a file svchost.exe. Only that one. Alarm bells ringing. Please don't hold it against me, I've
Well, ZDNet has somehow discontinued its support (thanks to Humdinger), so I'll give it a try with you here. My OTL:
Code:
ATTFilter OTL logfile created on: 25.02.2013 15:18:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,95 Gb Total Physical Memory | 12,92 Gb Available Physical Memory | 81,01% Memory free 31,90 Gb Paging File | 28,52 Gb Available in Paging File | 89,41% Paging File free Paging file location(s): h:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 25,52 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 126,19 Gb Free Space | 54,19% Space Free | Partition Type: NTFS Drive E: | 153,38 Gb Total Space | 98,34 Gb Free Space | 64,12% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 25,90 Gb Free Space | 1,39% Space Free | Partition Type: NTFS Drive G: | 1397,26 Gb Total Space | 313,97 Gb Free Space | 22,47% Space Free | Partition Type: NTFS Drive H: | 596,17 Gb Total Space | 571,73 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Drive I: | 149,05 Gb Total Space | 147,75 Gb Free Space | 99,12% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 545,28 Gb Free Space | 58,54% Space Free | Partition Type: NTFS Drive K: | 7,40 Gb Total Space | 7,31 Gb Free Space | 98,74% Space Free | Partition Type: NTFS Computer Name: **********- | User Name: ********** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.25 15:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe PRC - [2013.02.25 15:17:37 | 000,050,477 | ---- | M] () -- H:\Defogger.exe PRC - [2013.02.20 10:26:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.02.18 18:29:38 | 000,098,816 | ---- | M] () -- C:\Users\**********\Documents\Services\svchost.exe PRC - [2013.02.12 18:26:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 18:24:55 | 000,640,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2013.02.12 18:24:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.12 18:24:47 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.02.03 02:03:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.06.28 23:44:18 | 000,775,560 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.12 15:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe ========== Modules (No Company Name) ========== MOD - [2013.02.25 15:17:37 | 000,050,477 | ---- | M] () -- H:\Defogger.exe MOD - [2013.02.20 10:26:51 | 003,067,288 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.02.18 18:29:38 | 000,098,816 | ---- | M] () -- C:\Users\**********\Documents\Services\svchost.exe MOD - [2013.02.18 09:08:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.05 22:28:17 | 000,489,472 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.02.05 22:28:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.02.03 14:43:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.03 14:43:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.02.03 14:43:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.03 14:43:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.03 14:43:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.02.03 14:43:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.03 14:43:38 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.02 23:22:57 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll MOD - [2012.06.28 23:44:18 | 000,775,560 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe MOD - [2012.06.28 23:44:18 | 000,148,872 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.01 02:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll MOD - [2010.03.09 22:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.19 07:12:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 18:26:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 18:24:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.02.03 02:03:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.01 19:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | 
Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.03 01:01:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.03 01:01:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.29 00:09:32 | 001,327,616 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.07.20 02:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.03.11 07:41:12 | 
000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.25 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 24 A6 4A 85 12 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.6 FF - prefs.js..extensions.enabledAddons: facebook%40disconnect.me:2.1.3 FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll 
(Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:26:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 10:26:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 10:26:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 10:26:50 | 000,000,000 | ---D | M] [2013.02.12 21:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions [2013.02.23 11:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\txvl5yxi.default\extensions [2013.02.12 21:55:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\txvl5yxi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.02.12 21:55:49 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\txvl5yxi.default\extensions\ich@maltegoetz.de [2013.02.12 21:55:49 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\txvl5yxi.default\extensions\autopager@mozilla.org.xpi [2013.02.12 21:55:49 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\txvl5yxi.default\extensions\facebook@disconnect.me.xpi [2013.02.23 11:48:49 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\txvl5yxi.default\extensions\firebug@software.joehewitt.com.xpi [2013.02.12 21:55:49 | 000,330,316 | ---- | M] () (No name 
found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\txvl5yxi.default\extensions\personas@christopher.beard.xpi [2013.02.18 09:20:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\txvl5yxi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [winstartup] C:\Users\**********\Documents\Services\svchost.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O4 - Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - 
gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78E3BE39-535F-4CE2-A458-945A9861C56C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk J:\
O33 - MountPoints2\{4fb663d0-6d84-11e2-8e8c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb663d0-6d84-11e2-8e8c-806e6f6e6963}\Shell\AutoRun\command - "" = I:\CheckID.exe
O33 - MountPoints2\{ed1e42f7-6d86-11e2-9714-be38c8e7586f}\Shell - "" = AutoRun
O33 - MountPoints2\{ed1e42f7-6d86-11e2-9714-be38c8e7586f}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{ed1e4397-6d86-11e2-9714-bc0543069d4b}\Shell - "" = AutoRun
O33 - MountPoints2\{ed1e4397-6d86-11e2-9714-bc0543069d4b}\Shell\AutoRun\command - "" = AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.25 15:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.25 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes
[2013.02.25 15:11:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.25 15:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.25 15:11:14 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Programs
[2013.02.23 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\NBGI
[2013.02.23 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\AliensVsPredator
[2013.02.23 09:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sega
[2013.02.22 07:41:33 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Services
[2013.02.21 21:54:35 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.02.21 17:52:12 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\NBGI
[2013.02.20 07:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.12 21:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.11 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Microsoft Games
[2013.02.09 14:58:22 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Skype
[2013.02.09 14:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.09 14:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.09 14:58:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.09 14:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.08 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics
[2013.02.08 00:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Plantronics
[2013.02.08 00:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plantronics
[2013.02.07 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Canneverbe Limited
[2013.02.07 16:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.02.07 16:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.06 18:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2013.02.06 16:44:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.02.06 16:38:07 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Notepad++
[2013.02.06 00:41:18 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.02.06 00:40:34 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Dropbox
[2013.02.05 17:46:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.05 17:26:34 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\EPSON
[2013.02.04 22:55:20 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Diablo III
[2013.02.04 22:33:35 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Realmware
[2013.02.04 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013.02.04 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013.02.04 18:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013.02.03 22:37:50 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\vlc
[2013.02.03 22:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.02.03 22:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.02.03 22:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.02.03 22:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAMCO BANDAI Games Europe S.A.S
[2013.02.03 22:22:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.02.03 22:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.02.03 22:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.02.03 22:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.02.03 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\LolClient
[2013.02.03 15:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.02.03 15:35:05 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.03 15:26:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.03 14:11:39 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2013.02.03 14:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.02.03 14:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.02.03 14:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.02.03 12:32:52 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\XWidget
[2013.02.03 03:22:32 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\NVIDIA
[2013.02.03 02:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.03 02:13:09 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Battlefield 3
[2013.02.03 02:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.02.03 02:07:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.02.03 02:07:33 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\PunkBuster
[2013.02.03 02:05:24 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Ubisoft Game Launcher
[2013.02.03 01:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.03 01:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.03 00:58:50 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\My Games
[2013.02.03 00:33:59 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Assassin's Creed III
[2013.02.03 00:31:06 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Macromedia
[2013.02.03 00:30:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.03 00:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.03 00:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.03 00:14:50 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.02.03 00:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.02.03 00:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.02.03 00:06:40 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.02.03 00:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.02.03 00:06:36 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Winamp
[2013.02.03 00:05:22 | 000,480,632 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2013.02.02 23:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.02.02 23:42:35 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Intel Corporation
[2013.02.02 23:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.02 23:40:21 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Rainmeter
[2013.02.02 23:40:21 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Rainmeter
[2013.02.02 23:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013.02.02 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2013.02.02 23:37:53 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\WinRAR
[2013.02.02 23:37:53 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.02 23:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.02 23:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.02.02 23:36:42 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.02 23:36:42 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.02 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.02.02 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.02.02 23:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.02.02 23:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2013.02.02 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2013.02.02 23:32:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.02.02 23:32:29 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys
[2013.02.02 23:32:29 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll
[2013.02.02 23:32:27 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2013.02.02 23:32:27 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2013.02.02 23:32:24 | 000,000,000 | ---D | C] -- C:\Users\**********\AVM_Driver
[2013.02.02 23:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2013.02.02 23:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.02.02 23:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.02 23:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.02 23:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.02.02 23:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.02 23:26:55 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Macromedia
[2013.02.02 23:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.02 23:26:52 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Adobe
[2013.02.02 23:26:44 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Adobe
[2013.02.02 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.02 23:23:35 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.02 23:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.02 23:23:23 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\InstallShield
[2013.02.02 23:23:06 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\ODUI
[2013.02.02 23:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.02 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\Stardock
[2013.02.02 23:23:02 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Stardock
[2013.02.02 23:21:08 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2013.02.02 23:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.02.02 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Avira
[2013.02.02 23:20:07 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Stardock
[2013.02.02 23:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013.02.02 23:20:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.02 23:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.02 23:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.02.02 23:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2013.02.02 23:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
[2013.02.02 23:19:44 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.02 23:19:41 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.02 23:19:41 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.02 23:19:41 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.02 23:19:41 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.02 23:19:40 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.02.02 23:19:40 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.02.02 23:19:40 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.02.02 23:19:40 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.02.02 23:19:29 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.02 23:19:29 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.02 23:19:29 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.02 23:19:29 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.02 23:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.02.02 23:19:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.02 23:19:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.02 23:19:21 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.02.02 23:19:20 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.02.02 23:19:20 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.02.02 23:19:20 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.02.02 23:19:20 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.02.02 23:19:20 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.02.02 23:19:19 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.02.02 23:19:18 | 005,996,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.02.02 23:19:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.02 23:19:14 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.02 23:19:12 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.02.02 23:19:11 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.02 23:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.02.02 23:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.02.02 23:19:08 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.02.02 23:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013.02.02 23:19:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.02 23:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.02 23:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.02 23:18:55 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.02 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\PackageAware
[2013.02.02 23:18:53 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.02 23:18:52 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.02.02 23:18:52 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.02.02 23:18:50 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.02.02 23:18:50 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.02.02 23:18:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.02 23:18:47 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.02 23:18:47 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.02 23:18:46 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.02 23:18:46 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.02 23:18:46 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.02 23:18:45 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.02 23:18:45 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.02.02 23:18:44 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.02 23:18:44 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.02 23:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.02 23:18:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.02 23:18:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.02 23:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.02 23:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.02.02 23:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.02.02 23:18:15 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Microsoft Help
[2013.02.02 23:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.02 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Mozilla
[2013.02.02 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Mozilla
[2013.02.02 23:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.02 23:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.02 23:14:56 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.02 23:14:56 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.02 23:14:56 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.02 23:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.02 23:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.02 23:12:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.02 23:11:06 | 000,000,000 | R--D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.02 23:11:06 | 000,000,000 | R--D | C] -- C:\Users\**********\Searches
[2013.02.02 23:11:06 | 000,000,000 | R--D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.02 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Identities
[2013.02.02 23:11:00 | 000,000,000 | R--D | C] -- C:\Users\**********\Contacts
[2013.02.02 23:10:57 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\VirtualStore
[2013.02.02 23:10:54 | 000,000,000 | --SD | C] -- C:\Users\**********\AppData\Roaming\Microsoft
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Videos
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Saved Games
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Pictures
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Music
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Links
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Favorites
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Documents
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\Desktop
[2013.02.02 23:10:54 | 000,000,000 | R--D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Vorlagen
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\AppData\Local\Verlauf
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\AppData\Local\Temporary Internet Files
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Startmenü
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\SendTo
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Recent
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Netzwerkumgebung
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Lokale Einstellungen
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Documents\Eigene Videos
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Documents\Eigene Musik
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Eigene Dateien
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Documents\Eigene Bilder
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Druckumgebung
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Cookies
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\AppData\Local\Anwendungsdaten
[2013.02.02 23:10:54 | 000,000,000 | -HSD | C] -- C:\Users\**********\Anwendungsdaten
[2013.02.02 23:10:54 | 000,000,000 | -H-D | C] -- C:\Users\**********\AppData
[2013.02.02 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Temp
[2013.02.02 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Microsoft
[2013.02.02 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Media Center Programs
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.02 23:10:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.02 23:10:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.02 23:03:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.02 23:03:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.02 23:02:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.01 19:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2013.02.01 19:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit - Kopie

========== Files - Modified Within 30 Days ==========

[2013.02.25 15:17:49 | 000,000,000 | ---- | M] () -- C:\Users\**********\defogger_reenable
[2013.02.25 15:12:42 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.25 15:11:27 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.25 14:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 17:08:52 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 17:08:52 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 17:07:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.24 17:07:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.24 17:07:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.24 17:07:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.24 17:07:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 17:01:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 17:01:36 | 4256,436,222 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.24 13:33:40 | 000,000,132 | ---- | M] () -- C:\Users\**********\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.18 09:08:38 | 004,962,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.08 00:36:30 | 000,000,610 | ---- | M] () -- C:\Windows\PLTGC.ini.imi
[2013.02.08 00:36:30 | 000,000,402 | ---- | M] () -- C:\Windows\PLTGC.ini.cfl
[2013.02.08 00:36:30 | 000,000,132 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013.02.08 00:36:25 | 000,000,508 | ---- | M] () -- C:\Windows\System\PLTGC.ini
[2013.02.06 18:57:18 | 000,000,798 | ---- | M] () -- C:\Users\**********\Desktop\Sound auf Boxen.lnk
[2013.02.06 18:57:11 | 000,000,817 | ---- | M] () -- C:\Users\**********\Desktop\Sound auf Headset.lnk
[2013.02.06 18:56:57 | 000,000,787 | ---- | M] () -- C:\Users\**********\Desktop\Sound auf TV.lnk
[2013.02.06 18:29:28 | 000,001,351 | ---- | M] () -- C:\Users\**********\Documents\AutoHotkey.ahk
[2013.02.06 00:41:24 | 000,001,025 | ---- | M] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.03 16:25:41 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.03 16:25:41 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.03 14:08:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.02.03 02:07:38 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.03 02:03:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.03 01:21:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.03 01:21:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.03 01:01:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.03 01:01:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.03 00:06:51 | 000,000,701 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winamp.lnk
[2013.02.02 23:51:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.02 23:40:20 | 000,001,730 | ---- | M] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013.02.02 23:33:31 | 000,056,438 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2013.02.02 23:32:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.02 23:25:08 | 000,446,258 | ---- | M] () -- C:\Windows\AutoKMS.exe
[2013.02.02 23:23:02 | 000,002,091 | ---- | M] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2013.02.02 23:16:35 | 000,041,172 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2013.02.02 23:16:22 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013.02.02 23:04:57 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.02 23:04:57 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013.02.25 15:17:49 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable
[2013.02.25 15:12:42 | 000,000,827 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.25 15:11:27 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.12 21:50:26 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.08 00:36:30 | 000,811,400 | ---- | C] () -- C:\Windows\SysNative\PLTGC.exe
[2013.02.08 00:36:30 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2013.02.08 00:36:30 | 000,000,132 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013.02.08 00:36:25 | 000,364,936 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013.02.08 00:36:25 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2013.02.08 00:36:25 | 000,000,610 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2013.02.08 00:36:25 | 000,000,508 | ---- | C] () -- C:\Windows\System\PLTGC.ini
[2013.02.08 00:36:24 | 000,000,495 | ---- | C] () -- C:\Windows\PLTGC.ini
[2013.02.07 16:05:16 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.07 16:05:16 | 000,000,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.07 16:05:16 | 000,000,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.06 18:56:36 | 000,000,817 | ---- | C] () -- C:\Users\**********\Desktop\Sound auf Headset.lnk
[2013.02.06 18:56:36 | 000,000,798 | ---- | C] () -- C:\Users\**********\Desktop\Sound auf Boxen.lnk
[2013.02.06 18:56:36 | 000,000,787 | ---- | C] () -- C:\Users\**********\Desktop\Sound auf TV.lnk
[2013.02.06 18:29:28 | 000,001,351 | ---- | C] () -- C:\Users\**********\Documents\AutoHotkey.ahk
[2013.02.06 00:41:24 | 000,001,025 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.03 23:40:22 | 000,000,132 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.03 22:22:43 | 000,001,343 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.02.03 14:08:34 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.02.03 02:52:03 | 000,001,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.02.03 02:07:38 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.03 01:21:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.03 01:21:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.03 00:30:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 00:14:52 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.03 00:14:52 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.03 00:14:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.03 00:14:50 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.02.03 00:11:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.03 00:07:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.03 00:06:51 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winamp.lnk
[2013.02.02 23:51:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.02 23:41:10 | 000,000,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.02.02 23:40:20 | 000,001,730 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013.02.02 23:40:20 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2013.02.02 23:36:49 | 003,035,306 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.02 23:36:35 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.02 23:32:29 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin
[2013.02.02 23:32:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.02 23:30:41 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013.02.02 23:30:24 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013.02.02 23:30:08 | 000,000,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013.02.02 23:29:59 | 000,000,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013.02.02 23:29:07 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.02.02 23:29:06 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.02.02 23:25:08 | 000,446,258 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013.02.02 23:23:04 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2013.02.02 23:23:02 | 000,002,091 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2013.02.02 23:22:25 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2013.02.02 23:19:57 | 000,001,332 | R--- | C] () -- C:\Windows\SysNative\drivers\DTSU2P.DAT
[2013.02.02 23:19:27 | 000,238,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.02 23:18:23 | 000,056,438 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.02.02 23:12:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.02.02 23:12:04 | 000,041,172 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.02.02 23:11:08 | 000,001,410 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.02 23:11:07 | 000,001,444 | ---- | C] () -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.02 23:04:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.02 23:04:49 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.02 23:03:05 | 4256,436,222 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.09 18:55:28 | 000,179,261 |
---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.07 16:22:07 | 
000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Canneverbe Limited [2013.02.24 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Dropbox [2013.02.05 17:26:34 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\EPSON [2013.02.03 16:32:08 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\LolClient [2013.02.06 22:13:49 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Notepad++ [2013.02.03 13:08:43 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Rainmeter [2013.02.02 23:20:07 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Stardock ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 5120 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\**********\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\**********\Desktop\desktop.ini:gs5sys < End of report > Extras.txt Code:
OTL Extras logfile created on: 25.02.2013 15:18:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 12,92 Gb Available Physical Memory | 81,01% Memory free
31,90 Gb Paging File | 28,52 Gb Available in Paging File | 89,41% Paging File free
Paging file location(s): h:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 25,52 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 126,19 Gb Free Space | 54,19% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 98,34 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 25,90 Gb Free Space | 1,39% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 313,97 Gb Free Space | 22,47% Space Free | Partition Type: NTFS
Drive H: | 596,17 Gb Total Space | 571,73 Gb Free Space | 95,90% Space Free | Partition Type: NTFS
Drive I: | 149,05 Gb Total Space | 147,75 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 545,28 Gb Free Space | 58,54% Space Free | Partition Type: NTFS
Drive K: | 7,40 Gb Total Space | 7,31 Gb Free Space | 98,74% Space Free | Partition Type: NTFS

Computer Name: *******- | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3F023B-9702-4EC6-96E4-44C825410989}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E9DDBC8-D7A5-4BF6-B40B-E34E7B84D114}" = lport=445 | protocol=6 | dir=in | app=system |
"{2194F88A-18C9-44EA-B780-5F11402E3566}" = rport=138 | protocol=17 | dir=out | app=system |
"{3799DA78-237B-433E-B724-AC8FB4DD05AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{4298EC9C-DCCF-45D9-9A15-911F33DC3063}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79B3EB50-6D2B-4C5C-9159-154533E044E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{979190C9-2188-4B01-B86A-97D726CA4207}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B83EE9E-8730-4470-929E-1BBFB0534367}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7E82487-C699-46C5-8079-50E19750EA55}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5A941D4-BCB2-47A9-8008-0B5603532ED8}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA16EA8F-5B93-4CAF-93B3-6177E63A1070}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAB97283-EA47-45AE-AE84-0C1D7E0FDA13}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031A1C0A-6D74-4CB1-AABC-B0AC2EB2BA36}" = protocol=17 | dir=in | app=d:\spiele\far cry 3\bin\farcry3_d3d11.exe |
"{18353411-1768-443F-93AB-87EC73465D33}" = dir=in | app=d:\spiele\far cry 3\bin\farcry3.exe |
"{24BB1364-EFEF-4CCF-8B06-ABE301D42EDD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{27C57C0F-DF17-4987-8781-A11F5624D1AC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3C233772-B51D-4B12-9390-4193F275B85E}" = dir=out | app=d:\spiele\far cry 3\bin\farcry3_d3d11.exe |
"{3DC14B4A-5370-4C72-A701-2BBA1F2153A9}" = dir=in | app=d:\spiele\ac3\ac3sp.exe |
"{45F9D0EC-0B6F-4CBE-B2D2-E7E21FA3D26F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D71656A-2E18-4FDD-BE30-072B30B0B039}" = protocol=17 | dir=in | app=d:\spiele\battlefield 3\bf3.exe |
"{507360EE-79A3-47C1-B38E-8E62CEF6C785}" = dir=in | app=d:\spiele\far cry 3\bin\farcry3_d3d11.exe |
"{538E8EF0-10BA-407A-BB5F-A95E78D4BF96}" = protocol=6 | dir=in | app=d:\spiele\ac3\ac3sp.exe |
"{58A08B38-6E55-4307-8391-CF0B3772DB80}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{5A8D90F7-0312-4D3E-AFD2-2BAA25F50D19}" = protocol=17 | dir=in | app=d:\spiele\ac3\assassinscreed3.exe |
"{5C9835A4-0367-4F59-A9D6-2AA9A0CACCF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{644CA111-266B-4953-AACE-111BA30916FE}" = protocol=17 | dir=in | app=d:\spiele\ac3\ac3sp.exe |
"{6BB5C0C2-B7A3-40B3-BE3E-7B1B768EC9A3}" = protocol=6 | dir=in | app=d:\spiele\far cry 3\bin\fc3editor.exe |
"{6DEC77EE-D358-491C-BC6D-D98B5B0A7B7A}" = protocol=6 | dir=in | app=d:\spiele\far cry 3\bin\farcry3.exe |
"{6FCA0780-259A-4D43-9F8D-662BA8E0A9D7}" = protocol=17 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"{80EBAF3B-D176-4E3B-B834-A4CDF5FBF7F4}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{8165C859-01A2-4CCD-886B-CB38C99F90E0}" = protocol=6 | dir=in | app=c:\users\*******\appdata\roaming\dropbox\bin\dropbox.exe |
"{848AB9B0-8D07-47F5-A3F2-7E338F2CB797}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{85B84DF6-1C59-48F3-89AC-794C2D2771C5}" = protocol=6 | dir=in | app=d:\spiele\far cry 3\bin\farcry3_d3d11.exe |
"{86C89A92-CF43-4614-B84E-75E94C95F8CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8FBCEB33-76BC-4292-84F0-2438C4E77864}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9175FF50-5D7C-4C34-BB68-BB147E947F98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{97CE17C6-2B35-43F0-8678-1F0B2CFC4219}" = protocol=17 | dir=in | app=d:\spiele\far cry 3\bin\fc3updater.exe |
"{9D47031E-EA2D-4DC1-A1B5-EA822D84D409}" = protocol=17 | dir=in | app=d:\spiele\ac3\ac3mp.exe |
"{A08B7436-1F91-4FF5-A8F4-31AF04596046}" = protocol=17 | dir=in | app=d:\spiele\far cry 3\bin\farcry3.exe |
"{A29133D0-8E58-4CA7-A64B-9B03DE7D2624}" = dir=in | app=d:\spiele\darksouls\darksouls.exe |
"{A357E078-51A4-4FAB-B554-138D482A8A48}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B13F0F3D-BB8C-4F14-B7BD-BBDB0F940B36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{BFB019EB-91B9-44BE-9E08-2600839AB2B0}" = protocol=6 | dir=in | app=d:\spiele\far cry 3\bin\fc3updater.exe |
"{DC4A8DAE-AF68-4283-96C1-C90D33AF914A}" = protocol=6 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe |
"{DC6CCBD7-7418-425D-973D-89407306D87B}" = protocol=17 | dir=in | app=d:\spiele\diablo iii\diablo iii.exe |
"{E2E77AC0-30D0-449D-AAB6-E6E251643634}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{E8061D47-4461-4972-B61E-56131358E511}" = protocol=6 | dir=in | app=d:\spiele\battlefield 3\bf3.exe |
"{E8AFB6EF-6BD9-46AA-B3FB-A2F200B435A1}" = dir=out | app=d:\spiele\far cry 3\bin\farcry3.exe |
"{E8F4D4D1-2EC7-4E74-B6EA-ACA5EEC3AD0F}" = dir=out | app=d:\spiele\ac3\ac3sp.exe |
"{F37C3F5F-5BB5-427F-ACC0-53DDD8CC9E6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F44132B5-A036-470A-86DD-412C0171B838}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F46A2E2F-68DD-4371-8700-25F92912724F}" = protocol=17 | dir=in | app=d:\spiele\far cry 3\bin\fc3editor.exe |
"{F47A4220-E943-4A30-84E6-15CAE94146D3}" = protocol=6 | dir=in | app=d:\spiele\ac3\ac3mp.exe |
"{F4C1AE3F-D696-4471-BCB4-994F290C1CE9}" = protocol=6 | dir=in | app=d:\spiele\ac3\assassinscreed3.exe |
"TCP Query User{51A826B5-4CDC-49FC-A82A-1ADF44C05FD4}D:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |
"TCP Query User{5DFD08E3-938C-4B2B-ACAA-FF2F09D04CA5}D:\spiele\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\spiele\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{7E0DAAB1-2AA1-41DA-A65B-E99EC548FAE5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{06FB02EF-9069-4CF1-8608-C799C92CBE78}D:\spiele\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\spiele\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{20B73799-1616-43AF-B93D-6226ED2AF758}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5C7F5590-0E6B-4149-A86F-7B1420B07585}D:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel(R) Network Connections 16.6.126.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoHotkey" = AutoHotkey 1.1.09.02
"CCleaner" = CCleaner
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 16.6.126.0
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4108724-A76F-4BE6-976A-F2C62B0E38D6}" = Aliens Vs Predator
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlefield 3 Update 4_is1" = Battlefield 3 Update 4
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"Diablo III" = Diablo III
"Dishonored German (c) Bethesda_is1" = Dishonored German (c) Bethesda version 1
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock Plus 2" = ObjectDock Plus 2
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.02.2013 04:10:28 | Computer Name = *******- | Source = WinMgmt | ID = 10
Description =

Error - 22.02.2013 13:52:25 | Computer Name = *******- | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winsvchost.exe, Version: 0.0.0.0, Zeitstempel: 0x5071f863 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7531e2d4 ID des fehlerhaften Prozesses: 0x28d0 Startzeit der fehlerhaften Anwendung: 0x01ce11255e5aafb9 Pfad der fehlerhaften Anwendung: C:\Users\*******\Documents\Windows\winsvchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 9d11fac4-7d18-11e2-a06d-bc0543069d4b

Error - 23.02.2013 06:40:52 | Computer Name = *******- | Source = Application Hang | ID = 1002
Description = Programm AvP_DX11.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f29c Startzeit: 01ce11b22eb18f4f Endzeit: 19 Anwendungspfad: D:\Spiele\Aliens Vs Predator\AvP_DX11.exe Berichts-ID: 7d78e253-7da5-11e2-a06d-bc0543069d4b

Error - 23.02.2013 06:44:13 | Computer Name = *******- | Source = Application Hang | ID = 1002
Description = Programm AvP_DX11.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f5cc Startzeit: 01ce11b2b31f4fd9 Endzeit: 9 Anwendungspfad: D:\Spiele\Aliens Vs Predator\AvP_DX11.exe Berichts-ID: f4b0419f-7da5-11e2-a06d-bc0543069d4b

Error - 23.02.2013 06:44:25 | Computer Name = *******- | Source = Application Hang | ID = 1002
Description = Programm AvP_DX11.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f704 Startzeit: 01ce11b2b8cbfc7c Endzeit: 8 Anwendungspfad: D:\Spiele\Aliens Vs Predator\AvP_DX11.exe Berichts-ID: fc42572b-7da5-11e2-a06d-bc0543069d4b

Error - 23.02.2013 17:30:14 | Computer Name = *******- | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winsvchost.exe, Version: 0.0.0.0, Zeitstempel: 0x5071f863 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7531e2d4 ID des fehlerhaften Prozesses: 0x13d58 Startzeit der fehlerhaften Anwendung: 0x01ce120cf6d3cbc9 Pfad der fehlerhaften Anwendung: C:\Users\*******\Documents\Windows\winsvchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3532f00f-7e00-11e2-a06d-bc0543069d4b

Error - 24.02.2013 07:43:01 | Computer Name = *******- | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: notepad++.exe, Version: 6.3.0.0, Zeitstempel: 0x510eb99f Name des fehlerhaften Moduls: CSSExplorerAdapter.UNICODE.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4b62ed38 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02005306 ID des fehlerhaften Prozesses: 0x19164 Startzeit der fehlerhaften Anwendung: 0x01ce1283e57cb347 Pfad der fehlerhaften Anwendung: \\SOEREN-LAPTOP\Notepad\notepad++.exe Pfad des fehlerhaften Moduls: CSSExplorerAdapter.UNICODE.dll Berichtskennung: 56fa81e9-7e77-11e2-a06d-bc0543069d4b

Error - 24.02.2013 11:34:56 | Computer Name = *******- | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.7.14633 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a780 Startzeit: 01ce12a4619e8936 Endzeit: 3 Anwendungspfad: D:\Spiele\Diablo III\Diablo III.exe Berichts-ID: bc5a5546-7e97-11e2-a06d-bc0543069d4b Error - 24.02.2013 12:03:32 | Computer Name = *******- | Source = WinMgmt | ID = 10 Description = Error - 24.02.2013 20:07:39 | Computer Name = *******- | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winsvchost.exe, Version: 0.0.0.0, Zeitstempel: 0x5071f863 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74e9e2d4 ID des fehlerhaften Prozesses: 0x27c4 Startzeit der fehlerhaften Anwendung: 0x01ce12ec1ed6e2d8 Pfad der fehlerhaften Anwendung: C:\Users\*******\Documents\Windows\winsvchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5d4a77a3-7edf-11e2-9df0-bc0543069d4b [ System Events ] Error - 09.02.2013 06:26:56 | Computer Name = *******- | Source = DCOM | ID = 10010 Description = Error - 09.02.2013 06:44:57 | Computer Name = *******- | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 12.02.2013 16:45:22 | Computer Name = *******- | Source = VClone | ID = 262153 Description = Error - 12.02.2013 18:24:57 | Computer Name = *******- | Source = VClone | ID = 262153 Description = Error - 12.02.2013 21:19:22 | Computer Name = *******- | Source = VClone | ID = 262153 Description = Error - 13.02.2013 10:06:55 | Computer Name = *******- | Source = VClone | ID = 262153 Description = Error - 18.02.2013 04:07:31 | Computer Name = *******- | Source = Ntfs | ID = 262281 Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. 
Error - 24.02.2013 10:21:20 | Computer Name = *******- | Source = BROWSER | ID = 8032 Description = Error - 24.02.2013 12:04:22 | Computer Name = *******- | Source = BROWSER | ID = 8032 Description = Error - 24.02.2013 13:38:02 | Computer Name = *******- | Source = BROWSER | ID = 8032 Description = < End of report > Gmer.txt Code:
ATTFilter GMER 2.1.19081 - hxxp://www.gmer.net Rootkit scan 2013-02-25 16:09:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 M4-CT064 rev.0309 59,63GB Running: gmer_2.1.19081.exe; Driver: C:\Users\PAARBR~1\AppData\Local\Temp\fgayifod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000717f1a22 2 bytes [7F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000717f1ad0 2 bytes [7F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000717f1b08 2 bytes [7F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000717f1bba 2 bytes [7F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000717f1bda 2 bytes [7F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files\Plantronics\GameCom780\GameCom780.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files\Plantronics\GameCom780\GameCom780.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Users\PaarBreakdowns\Documents\Services\svchost.exe[3264] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Users\PaarBreakdowns\Documents\Services\svchost.exe[3264] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... 
* 2 .text C:\Users\PaarBreakdowns\AppData\Roaming\Dropbox\bin\Dropbox.exe[3380] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Users\PaarBreakdowns\AppData\Roaming\Dropbox\bin\Dropbox.exe[3380] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe[20060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe[20060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... 
* 2 .text D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[21904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[21904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text H:\Defogger.exe[25392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text H:\Defogger.exe[25392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text H:\OTL.exe[16364] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text H:\OTL.exe[16364] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 ---- Files - GMER 2.1 ---- File C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20130225-150902-92BFF6E7\00000040-20F0CCBC.av$ 0 bytes ---- EOF - GMER 2.1 ---- Thx! |
25.02.2013, 16:17 | #2
/// Malware-holic
25.02.2013, 16:47 | #3
sorry

MBAM
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PaarBreakdowns :: PAARBREAKDOWNS- [limitiert]

Schutz: Aktiviert

25.02.2013 15:13:39
mbam-log-2013-02-25 (15-13-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374570
Laufzeit: 26 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\PaarBreakdowns\Documents\Services\svchost.exe (Trojan.Downloader) -> 3264 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winstartup (Trojan.Downloader) -> Daten: C:\Users\PaarBreakdowns\Documents\Services\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\PaarBreakdowns\Documents\Services\svchost.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Exportierte Ereignisse:

25.02.2013 15:07 [System-Scanner] Malware gefunden
	Die Datei 'C:\Users\PaarBreakdowns\Documents\Windows\winsvchost.exe'
	enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.69767.6' [trojan].
	Durchgeführte Aktion(en):
	Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58a2e5e7.qua' verschoben!

25.02.2013 15:07 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\PaarBreakdowns\Documents\Windows\winsvchost.exe'
	wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.69767.6' [trojan] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

[... 2000 Weitere Ereignisse mit dem selben Inhalt]

07.02.2013 16:03 [System-Scanner] Malware gefunden
	Die Datei 'C:\Users\PaarBreakdowns\AppData\Local\Temp\YontooSetup-S.exe'
	enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware].
	Durchgeführte Aktion(en):
	Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58da53b4.qua' verschoben!

07.02.2013 16:02 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\PaarBreakdowns\AppData\Local\Temp\YontooSetup-S.exe'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] gefunden.
	Ausgeführte Aktion: Übergeben an Scanner

07.02.2013 16:02 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\PaarBreakdowns\AppData\Local\Temp\YontooSetup-S.exe'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

Last edited by corax228 (25.02.2013 at 17:32)
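The MBAM entries above, together with the OTL Application Error events in the first post, show the pattern a defender would want to pick out of such logs automatically: a file carrying the name of a Windows system process (svchost.exe) or a near-name (winsvchost.exe) running from a user-writable folder, wired into an HKCU Run value. The Python script below is an added example written for this thread; it is not part of any post or tool output here. The log lines it parses are constructed to mirror the MBAM and OTL formats, and the table of system binaries and their legitimate directories, the user-writable prefixes and the user name "alice" are the script's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Well-known Windows process names and the only directories they legitimately run from
# (assumption for this example: default install on C:, compared in lowercase).
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# A Windows executable path inside a free-form log line (stops at the first ".exe").
PATH_RE = re.compile(r"[A-Za-z]:\\[^'\"\n]*?\.exe", re.IGNORECASE)
# MBAM reports Run-key findings as  HKCU\...\Run|<value name> ... -> Daten: <target>
RUN_KEY_RE = re.compile(
    r"(HK(?:CU|LM)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)\|(\S+)", re.IGNORECASE)
# Locations an unprivileged user can write to (assumed list, not exhaustive).
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(users|documents and settings|temp)\\", re.IGNORECASE)


def is_masquerade(path_str):
    """True when the file name is a known system binary but its directory is not one it lives in."""
    p = PureWindowsPath(path_str)
    allowed = SYSTEM_BINARIES.get(p.name.lower())
    if allowed is None:
        return False
    return str(p.parent).lower() not in allowed


def resembles_system_binary(file_name):
    """True for near-names such as winsvchost.exe that embed a real process name."""
    stem = file_name.lower()
    return any(stem != real and real[:-4] in stem for real in SYSTEM_BINARIES)


def run_key_to_user_dir(line):
    """Return (key|value, target) when a Run entry on this line points into a user-writable path."""
    rk = RUN_KEY_RE.search(line)
    if rk is None:
        return None
    for m in PATH_RE.finditer(line):
        if USER_WRITABLE_RE.match(m.group(0)):
            return (rk.group(1) + "|" + rk.group(2), m.group(0))
    return None


def triage(lines):
    """Scan log lines and return (line_no, category, detail) findings worth a closer look."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in PATH_RE.finditer(line):
            path = m.group(0)
            if is_masquerade(path):
                findings.append((n, "system-name-outside-system-dir", path))
            elif resembles_system_binary(PureWindowsPath(path).name):
                findings.append((n, "lookalike-name", path))
        hit = run_key_to_user_dir(line)
        if hit is not None:
            findings.append((n, "run-key-autostart-to-user-dir", hit[0] + " -> " + hit[1]))
    return findings


# Constructed sample lines modelled on the MBAM and OTL entries in this thread (user name is made up).
SAMPLE_LINES = [
    r"C:\Users\alice\Documents\Services\svchost.exe (Trojan.Downloader) -> 3264 -> Löschen bei Neustart.",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winstartup (Trojan.Downloader) -> Daten: C:\Users\alice\Documents\Services\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.",
    r"Pfad der fehlerhaften Anwendung: C:\Users\alice\Documents\Windows\winsvchost.exe Pfad des fehlerhaften Moduls: unknown",
    r"Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: unknown",
    r"Anwendungspfad: D:\Spiele\Diablo III\Diablo III.exe Berichts-ID: (constructed)",
]

if __name__ == "__main__":
    for line_no, category, detail in triage(SAMPLE_LINES):
        print(f"line {line_no}: {category}: {detail}")
```

Lines 4 and 5 of the sample are the controls: the genuine System32 svchost.exe and an ordinary game executable produce no finding, while the Documents\Services copy, the near-name winsvchost.exe and the Run value pointing into the profile each do. Directory checks are done on the parent path rather than on substrings so that a name like "System32" buried deeper in a user folder does not pass.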
25.02.2013, 17:57 | #4
/// Malware-holic
hi,
C:\Windows\AutoKMS.exe is a keygen; since that is illegal, we too are discontinuing support.
The PC has to be set up from scratch and then secured.
1. Data rescue:
I will post further points on this as well.
4. Change all passwords!
5. After the PC has been secured, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + StarMoney.