Log analysis and evaluation: F:\RECYCLER\e621ca05.exe

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.03.2013, 13:34 | #1 |
F:\RECYCLER\e621ca05.exe

Hello,

Since yesterday evening I have had a problem with my external hard drive: all folders are displayed as shortcuts. When I click on one, a window appears that says: "F:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

I should add that my AntiVir gave a warning yesterday, Worm/Dorkbot.A.2985, which I then had removed.

I have also already created the logs with OTL/gmer.
| "{4249BBBB-ABD5-4E66-A3C8-DE3238449046}" = lport=139 | protocol=6 | dir=in | app=system | "{5DB3E68D-5377-4682-9452-6B9A5AEDC9DA}" = lport=138 | protocol=17 | dir=in | app=system | "{65ACCD6C-27C6-474E-9ABA-5E0C999808CC}" = rport=137 | protocol=17 | dir=out | app=system | "{75F8A28E-32B5-498F-90AB-020C38172BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{913221AB-7CCF-43D7-9BF5-2E6A750DCF84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93D895B6-6015-415A-9E73-9965110E8966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{993B658F-957F-4264-8BED-C72C7924746D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9E7616E0-4C42-4266-9492-8B019DE53051}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A0008364-532F-4A51-891B-00897C8DEAD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B5972BC3-A401-44A1-B16F-43A72877E084}" = lport=137 | protocol=17 | dir=in | app=system | "{B9AD5EB0-316E-46DB-8235-8F2B27027FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BBE053A5-069E-43F0-B331-722B951E303B}" = rport=138 | protocol=17 | dir=out | app=system | "{C445E835-832E-4A4A-98AC-CA862ED15FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC28F4C1-16B1-4182-929B-47E0F9D0FA2D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E41C9F8C-E2F6-4EDC-A0B5-17249218761E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F096F259-9EBA-41DD-9E09-47364992C98C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F56682DA-8078-4D16-BE63-C8E87DFD7E52}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E3A335-E89E-4E6B-98EC-B1AD758BA9D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{077BB950-5095-4DD0-9673-7A9696415A60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B3EA404-C2A0-4D6E-BC90-BC29161395E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1443C81B-37F4-4882-8F46-5E311C71DE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{20EE0F13-E7DF-4D06-89B1-4E1EE4CB3BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{22AD454C-3A8D-4891-9B25-7E76AF146B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{2B62394D-19B8-43B3-93C8-E73A8303AC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39F8D502-0EB0-4D15-8800-0E8D04C64A75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3D8A0EE5-C3A2-4132-A571-9D5E1FC001A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4654928D-DBBD-44ED-B838-4CC15BD22938}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4AC9509B-BF3C-42A7-A826-F3AD04FD7BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{579D169A-500B-480E-B65D-02F06101E6C2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{5A4398AD-0836-4D73-99FE-73BB6338889A}" = protocol=58 | dir=in | app=system | "{5EA5E196-2097-44CA-B7FA-DC4FDDA82F30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6FF1B221-31B5-4230-B3BD-99D2A61320EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{82A30414-EB7E-46A8-A356-0567FDDDF826}" = protocol=6 | dir=out | app=system | 
"{8506E774-041E-484C-90AF-35FD603DF1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{950C6B7D-EE5E-46EF-A934-4EA86AA30AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{99F6D0C6-A5F0-40EA-A701-8607E8522686}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9C4BA0BE-E823-4872-BD35-8DE2BEEEB15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A7F313FE-0A46-469A-933F-223CCDF10358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DBCB20B5-772D-48A1-9D58-D42CC8A19C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E423B589-DB6B-42F2-B3B0-D0178607AE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FC07E5-E83E-4A3F-A595-7FBDCE2280A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F78857FD-670D-4BA3-A311-70FF04C3634D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FC7E7C69-9CC0-4A16-8C73-FB116519B9D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{18861116-2515-4D7C-BEB4-B01C1CCA9A4B}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | "TCP Query User{3D03630A-5B4F-4A9E-8B4D-6AE4A807F54F}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | "TCP Query User{43D016D6-33A9-408B-BBDB-64BA4BBDA3E3}F:\spiele1\empire earth\empire earth.exe" = protocol=6 | dir=in | app=f:\spiele1\empire earth\empire earth.exe | "TCP Query User{4C880C81-2AD1-4699-B093-A23C11A0575D}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | "TCP Query User{509B228D-C967-414A-B9A0-10595BBEA68F}C:\metin2\metin2client.bin" = protocol=6 | dir=in | 
app=c:\metin2\metin2client.bin | "TCP Query User{5E48E488-6B58-400B-A25C-2FFDD5101BB9}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | "TCP Query User{606A895A-F030-4CE6-90D5-170DB3B5D20E}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | "TCP Query User{823B1FE6-92F1-4C2A-8554-696ECCF95EE5}F:\metin2\metin2client.bin" = protocol=6 | dir=in | app=f:\metin2\metin2client.bin | "TCP Query User{9579B278-E932-4443-9A93-0EC6FF717AA9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{9EE1A822-EF67-4B7A-B080-0D26F9F7DA75}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{6AE8803C-8E99-4C6C-A854-5A4F956D0D4B}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | "UDP Query User{7A593A2E-C269-4FC3-93C6-CC92D2147C6C}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin | "UDP Query User{8E2EF7D7-4DCC-4386-8E9B-53B777675346}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{A42EE3E0-67F5-4158-81B8-C188BA9DD736}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | "UDP Query User{B25C9687-FA2E-43BC-A82F-094DF520884E}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{C90683E7-6355-4656-BA83-3C6A03875BF1}F:\metin2\metin2client.bin" = protocol=17 | dir=in | app=f:\metin2\metin2client.bin | "UDP Query User{D2E33147-8EB7-4FB1-BF03-54896444572D}F:\spiele1\empire earth\empire earth.exe" = protocol=17 | dir=in | app=f:\spiele1\empire 
earth\empire earth.exe | "UDP Query User{D552B5F0-F7D9-4677-AF29-754298D021EE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{D66194BA-8404-42CF-8EB9-5A8740C0033C}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | "UDP Query User{FD73DD3E-F798-4265-AE53-2AB578AE644D}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi 
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "MySSID_is1" = EXPERTool 7.16 "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 72850" = The Elder Scrolls V: Skyrim "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2013 00:28:38 | Computer Name = basti-PC | Source = Application Hang | ID = 1002 Description = Programm NFS13.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f68 Startzeit: 01ce17c723d9d19a Endzeit: 593 Anwendungspfad: F:\Spiele\Need for Speed Most Wanted\NFS13.exe Berichts-ID: Error - 17.03.2013 14:01:43 | Computer Name = basti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791 ID des fehlerhaften Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0x01ce233959d8796a Pfad der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: b995f876-8f2c-11e2-857f-6c626de4c601 Error - 17.03.2013 14:11:36 | Computer Name = basti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc74643 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009791 ID des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce23397f222324 Pfad der fehlerhaften Anwendung: F:\spiele1\empire earth\Empire Earth.exe Pfad des fehlerhaften Moduls: F:\SPIELE1\EMPIRE EARTH\DX7HRDisplay.dll Berichtskennung: 1afad808-8f2e-11e2-857f-6c626de4c601 Error - 18.03.2013 13:14:27 | Computer Name = basti-PC | Source = Application Hang | ID = 1002 Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1198 Startzeit: 01ce23f2dbe80d15 Endzeit: 1010 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe Berichts-ID: Error - 18.03.2013 13:16:19 | Computer Name = basti-PC | Source = Application Hang | ID = 1002 Description = Programm TombRaider.exe, Version 1.0.716.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 107c Startzeit: 01ce23fc11524885 Endzeit: 770 Anwendungspfad: F:\Spiele\Tombraider\TombRaider.exe Berichts-ID: Error - 24.03.2013 06:55:05 | Computer Name = basti-PC | Source = Application Hang | ID = 1002 Description = Programm StubInstaller.exe, Version 2.0.27.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ad8 Startzeit: 01ce287dd0440f05 Endzeit: 5 Anwendungspfad: C:\Users\basti\AppData\Local\Temp\RarSFX0\StubInstaller.exe Berichts-ID: Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 [ System Events ] Error - 21.03.2013 06:40:55 | Computer Name = basti-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 21.03.2013 06:50:09 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.03.2013 06:45:06 | Computer Name = basti-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 23.03.2013 07:09:08 | Computer Name = basti-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 23.03.2013 13:43:08 | Computer Name = basti-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 24.03.2013 07:02:37 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 24.03.2013 07:02:38 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066 Error - 24.03.2013 07:06:49 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. 
Error - 24.03.2013 07:07:06 | Computer Name = basti-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. < End of report >
Now my question is: what can be done about this while losing as few files as possible? |
24.03.2013, 15:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Hello and
__________________Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
24.03.2013, 15:06 | #3 |
| F:\RECYCLER\e621ca05.exe I have no further log files on the computer,
__________________those are all the ones I have |
24.03.2013, 15:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
24.03.2013, 15:59 | #5 |
| F:\RECYCLER\e621ca05.exe OK, I have now run all the scans
Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.02.15.09 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 basti :: BASTI-PC [administrator] 24.03.2013 15:43:14 mbar-log-2013-03-24 (15-43-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28038 Time elapsed: 4 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-03-24 15:45:33 ----------------------------- 15:45:33.681 OS Version: Windows x64 6.1.7600 15:45:33.681 Number of processors: 6 586 0xA00 15:45:33.697 ComputerName: BASTI-PC UserName: basti 15:45:35.943 Initialize success 15:46:04.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 15:46:04.019 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3 15:46:04.128 Disk 0 MBR read successfully 15:46:04.128 Disk 0 MBR scan 15:46:04.144 Disk 0 Windows 7 default MBR code 15:46:04.144 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048 15:46:04.160 Disk 0 scanning C:\Windows\system32\drivers 15:46:08.730 Service scanning 15:46:18.855 Modules scanning 15:46:18.855 Disk 0 trace - called modules: 15:46:18.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 15:46:18.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae2060] 15:46:18.902 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8007815580] 15:46:18.902 5 ACPI.sys[fffff88000f87781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007819060] 15:46:18.902 Scan finished successfully 15:46:50.507 Disk 0 MBR has been saved successfully to "C:\Users\basti\Desktop\MBR.dat" 15:46:50.507 The log file has been saved successfully to "C:\Users\basti\Desktop\aswMBR.txt"
TDSSKiller found nothing. Actually, TDSSKiller does have a log too, I only just saw it, sorry
15:50:01.0161 4812 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:50:01.0700 4812 ============================================================ 15:50:01.0700 4812 Current date / time: 2013/03/24 15:50:01.0700 15:50:01.0700 4812 SystemInfo: 15:50:01.0700 4812 15:50:01.0700 4812 OS Version: 6.1.7600 ServicePack: 0.0 15:50:01.0700 4812 Product type: Workstation 15:50:01.0700 4812 ComputerName: BASTI-PC 15:50:01.0701 4812 UserName: basti 15:50:01.0701 4812 Windows directory: C:\Windows 15:50:01.0701 4812 System windows directory: C:\Windows 15:50:01.0701 4812 Running under WOW64 15:50:01.0701 4812 Processor architecture: Intel x64 15:50:01.0701 4812 Number of processors: 6 15:50:01.0701 4812 Page size: 0x1000 15:50:01.0701 4812 Boot type: Normal boot 15:50:01.0701 4812 ============================================================ 15:50:02.0870 4812 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:50:02.0877 4812 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:50:02.0907 4812 ============================================================ 15:50:02.0907 4812 \Device\Harddisk0\DR0: 15:50:02.0907 4812 MBR partitions: 15:50:02.0907 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 15:50:02.0907 4812 \Device\Harddisk1\DR1: 
15:50:02.0909 4812 MBR partitions: 15:50:02.0909 4812 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 15:50:02.0909 4812 ============================================================ 15:50:02.0933 4812 C: <-> \Device\Harddisk0\DR0\Partition1 15:50:02.0957 4812 F: <-> \Device\Harddisk1\DR1\Partition1 15:50:02.0957 4812 ============================================================ 15:50:02.0957 4812 Initialize success 15:50:02.0957 4812 ============================================================ 15:52:50.0869 2620 ============================================================ 15:52:50.0869 2620 Scan started 15:52:50.0869 2620 Mode: Manual; SigCheck; TDLFS; 15:52:50.0869 2620 ============================================================ 15:52:52.0086 2620 ================ Scan system memory ======================== 15:52:52.0086 2620 System memory - ok 15:52:52.0086 2620 ================ Scan services =============================
2620 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:52:55.0206 2620 cdfs - ok 15:52:55.0237 2620 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:52:55.0237 2620 cdrom - ok 15:52:55.0268 2620 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 15:52:55.0315 2620 CertPropSvc - ok 15:52:55.0331 2620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:52:55.0331 2620 circlass - ok 15:52:55.0346 2620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:52:55.0362 2620 CLFS - ok 15:52:55.0424 2620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:52:55.0456 2620 clr_optimization_v2.0.50727_32 - ok 15:52:55.0518 2620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:52:55.0549 2620 clr_optimization_v2.0.50727_64 - ok 15:52:55.0658 2620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:52:55.0690 2620 clr_optimization_v4.0.30319_32 - ok 15:52:55.0705 2620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:52:55.0736 2620 clr_optimization_v4.0.30319_64 - ok 15:52:55.0736 2620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:52:55.0752 2620 CmBatt - ok 15:52:55.0768 2620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 15:52:55.0768 2620 cmdide - ok 15:52:55.0814 2620 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 15:52:55.0830 2620 CNG - ok 15:52:55.0846 2620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:52:55.0846 2620 Compbatt - ok 15:52:55.0861 2620 [ 
F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 15:52:55.0908 2620 CompositeBus - ok 15:52:55.0908 2620 COMSysApp - ok 15:52:55.0939 2620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:52:55.0955 2620 crcdisk - ok 15:52:55.0986 2620 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:52:56.0017 2620 CryptSvc - ok 15:52:56.0080 2620 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:52:56.0126 2620 DcomLaunch - ok 15:52:56.0158 2620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:52:56.0204 2620 defragsvc - ok 15:52:56.0236 2620 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:52:56.0267 2620 DfsC - ok 15:52:56.0298 2620 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 15:52:56.0345 2620 Dhcp - ok 15:52:56.0360 2620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:52:56.0438 2620 discache - ok 15:52:56.0485 2620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:52:56.0501 2620 Disk - ok 15:52:56.0532 2620 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:52:56.0548 2620 Dnscache - ok 15:52:56.0563 2620 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 15:52:56.0626 2620 dot3svc - ok 15:52:56.0641 2620 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 15:52:56.0672 2620 DPS - ok 15:52:56.0719 2620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:52:56.0750 2620 drmkaud - ok 15:52:56.0782 2620 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:52:56.0813 2620 DXGKrnl - ok 15:52:56.0844 2620 EagleX64 - ok 15:52:56.0875 2620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 
15:52:56.0938 2620 EapHost - ok 15:52:57.0031 2620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:52:57.0078 2620 ebdrv - ok 15:52:57.0094 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 15:52:57.0125 2620 EFS - ok 15:52:57.0203 2620 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:52:57.0250 2620 ehRecvr - ok 15:52:57.0281 2620 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:52:57.0281 2620 ehSched - ok 15:52:57.0328 2620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:52:57.0359 2620 elxstor - ok 15:52:57.0374 2620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 15:52:57.0421 2620 ErrDev - ok 15:52:57.0452 2620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:52:57.0499 2620 EventSystem - ok 15:52:57.0515 2620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:52:57.0530 2620 exfat - ok 15:52:57.0562 2620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:52:57.0593 2620 fastfat - ok 15:52:57.0671 2620 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 15:52:57.0733 2620 Fax - ok 15:52:57.0749 2620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:52:57.0764 2620 fdc - ok 15:52:57.0796 2620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:52:57.0920 2620 fdPHost - ok 15:52:57.0936 2620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:52:57.0983 2620 FDResPub - ok 15:52:58.0014 2620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:52:58.0014 2620 FileInfo - ok 15:52:58.0045 2620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:52:58.0076 2620 Filetrace - ok 15:52:58.0092 2620 [ 
C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:52:58.0092 2620 flpydisk - ok 15:52:58.0108 2620 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:52:58.0123 2620 FltMgr - ok 15:52:58.0170 2620 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll 15:52:58.0232 2620 FontCache - ok 15:52:58.0295 2620 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:52:58.0310 2620 FontCache3.0.0.0 - ok 15:52:58.0342 2620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:52:58.0357 2620 FsDepends - ok 15:52:58.0373 2620 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:52:58.0388 2620 Fs_Rec - ok 15:52:58.0435 2620 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:52:58.0466 2620 fvevol - ok 15:52:58.0513 2620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:52:58.0544 2620 gagp30kx - ok 15:52:58.0576 2620 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 15:52:58.0607 2620 gpsvc - ok 15:52:58.0638 2620 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 15:52:58.0654 2620 hamachi - ok 15:52:58.0778 2620 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 15:52:58.0825 2620 Hamachi2Svc - ok 15:52:58.0841 2620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:52:58.0856 2620 hcw85cir - ok 15:52:58.0903 2620 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:52:58.0934 2620 HdAudAddService - ok 15:52:58.0981 2620 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:52:58.0997 2620 HDAudBus - ok 15:52:58.0997 2620 [ 
78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:52:59.0028 2620 HidBatt - ok 15:52:59.0044 2620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:52:59.0090 2620 HidBth - ok 15:52:59.0106 2620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:52:59.0153 2620 HidIr - ok 15:52:59.0168 2620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:52:59.0231 2620 hidserv - ok 15:52:59.0246 2620 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:52:59.0278 2620 HidUsb - ok 15:52:59.0309 2620 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:52:59.0371 2620 hkmsvc - ok 15:52:59.0402 2620 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:52:59.0434 2620 HomeGroupListener - ok 15:52:59.0465 2620 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:52:59.0512 2620 HomeGroupProvider - ok 15:52:59.0543 2620 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 15:52:59.0558 2620 HpSAMD - ok 15:52:59.0590 2620 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:52:59.0636 2620 HTTP - ok 15:52:59.0652 2620 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:52:59.0652 2620 hwpolicy - ok 15:52:59.0683 2620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:52:59.0683 2620 i8042prt - ok 15:52:59.0730 2620 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:52:59.0761 2620 iaStorV - ok 15:52:59.0808 2620 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:52:59.0839 2620 idsvc - ok 15:52:59.0870 2620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp 
C:\Windows\system32\DRIVERS\iirsp.sys 15:52:59.0886 2620 iirsp - ok 15:52:59.0917 2620 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 15:52:59.0948 2620 IKEEXT - ok 15:52:59.0995 2620 [ CAA8BC6737DFA3BF1A50175CFB226788 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys 15:53:00.0058 2620 InputFilter_Hid_FlexDef2b - ok 15:53:00.0120 2620 [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:53:00.0167 2620 IntcAzAudAddService - ok 15:53:00.0214 2620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 15:53:00.0370 2620 intelide - ok 15:53:00.0385 2620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:53:00.0432 2620 intelppm - ok 15:53:00.0463 2620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:53:00.0510 2620 IPBusEnum - ok 15:53:00.0541 2620 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:53:00.0557 2620 IpFilterDriver - ok 15:53:00.0572 2620 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:53:00.0619 2620 iphlpsvc - ok 15:53:00.0619 2620 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:53:00.0635 2620 IPMIDRV - ok 15:53:00.0635 2620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:53:00.0666 2620 IPNAT - ok 15:53:00.0697 2620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:53:00.0713 2620 IRENUM - ok 15:53:00.0713 2620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 15:53:00.0728 2620 isapnp - ok 15:53:00.0744 2620 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:53:00.0760 2620 iScsiPrt - ok 15:53:00.0775 2620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 15:53:00.0791 2620 kbdclass - ok 15:53:00.0791 2620 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:53:00.0822 2620 kbdhid - ok 15:53:00.0838 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 15:53:00.0869 2620 KeyIso - ok 15:53:00.0900 2620 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:53:00.0900 2620 KSecDD - ok 15:53:00.0916 2620 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:53:00.0916 2620 KSecPkg - ok 15:53:00.0931 2620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:53:00.0947 2620 ksthunk - ok 15:53:00.0978 2620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:53:01.0009 2620 KtmRm - ok 15:53:01.0040 2620 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:53:01.0056 2620 LanmanServer - ok 15:53:01.0087 2620 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:53:01.0165 2620 LanmanWorkstation - ok 15:53:01.0196 2620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:53:01.0212 2620 lltdio - ok 15:53:01.0243 2620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:53:01.0259 2620 lltdsvc - ok 15:53:01.0274 2620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:53:01.0290 2620 lmhosts - ok 15:53:01.0321 2620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:53:01.0337 2620 LSI_FC - ok 15:53:01.0352 2620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:53:01.0352 2620 LSI_SAS - ok 15:53:01.0368 2620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:53:01.0368 2620 LSI_SAS2 - ok 15:53:01.0399 2620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] 
LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:53:01.0399 2620 LSI_SCSI - ok 15:53:01.0415 2620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:53:01.0430 2620 luafv - ok 15:53:01.0493 2620 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:53:01.0524 2620 MBAMProtector - ok 15:53:01.0618 2620 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:53:01.0649 2620 MBAMScheduler - ok 15:53:01.0664 2620 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:53:01.0680 2620 MBAMService - ok 15:53:01.0711 2620 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:53:01.0742 2620 Mcx2Svc - ok 15:53:01.0758 2620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:53:01.0774 2620 megasas - ok 15:53:01.0789 2620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:53:01.0805 2620 MegaSR - ok 15:53:01.0820 2620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:53:01.0867 2620 MMCSS - ok 15:53:01.0883 2620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:53:01.0914 2620 Modem - ok 15:53:01.0961 2620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:53:02.0008 2620 monitor - ok 15:53:02.0023 2620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:53:02.0054 2620 mouclass - ok 15:53:02.0086 2620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:53:02.0132 2620 mouhid - ok 15:53:02.0164 2620 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:53:02.0195 2620 mountmgr - ok 15:53:02.0210 2620 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 
15:53:02.0226 2620 mpio - ok 15:53:02.0273 2620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:53:02.0304 2620 mpsdrv - ok 15:53:02.0320 2620 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:53:02.0382 2620 MpsSvc - ok 15:53:02.0398 2620 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:53:02.0429 2620 MRxDAV - ok 15:53:02.0444 2620 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:53:02.0460 2620 mrxsmb - ok 15:53:02.0460 2620 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:53:02.0491 2620 mrxsmb10 - ok 15:53:02.0507 2620 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:53:02.0554 2620 mrxsmb20 - ok 15:53:02.0585 2620 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 15:53:02.0585 2620 msahci - ok 15:53:02.0600 2620 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 15:53:02.0616 2620 msdsm - ok 15:53:02.0632 2620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:53:02.0678 2620 MSDTC - ok 15:53:02.0710 2620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:53:02.0741 2620 Msfs - ok 15:53:02.0756 2620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:53:02.0803 2620 mshidkmdf - ok 15:53:02.0819 2620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 15:53:02.0819 2620 msisadrv - ok 15:53:02.0866 2620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:53:02.0881 2620 MSiSCSI - ok 15:53:02.0881 2620 msiserver - ok 15:53:02.0912 2620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:53:02.0975 2620 MSKSSRV - ok 15:53:02.0990 2620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK 
C:\Windows\system32\drivers\MSPCLOCK.sys 15:53:03.0022 2620 MSPCLOCK - ok 15:53:03.0037 2620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:53:03.0084 2620 MSPQM - ok 15:53:03.0100 2620 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:53:03.0115 2620 MsRPC - ok 15:53:03.0131 2620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:53:03.0146 2620 mssmbios - ok 15:53:03.0162 2620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:53:03.0178 2620 MSTEE - ok 15:53:03.0193 2620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:53:03.0224 2620 MTConfig - ok 15:53:03.0240 2620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:53:03.0271 2620 Mup - ok 15:53:03.0287 2620 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 15:53:03.0318 2620 napagent - ok 15:53:03.0349 2620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:53:03.0412 2620 NativeWifiP - ok 15:53:03.0458 2620 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 15:53:03.0490 2620 NDIS - ok 15:53:03.0505 2620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:53:03.0521 2620 NdisCap - ok 15:53:03.0552 2620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:53:03.0568 2620 NdisTapi - ok 15:53:03.0568 2620 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:53:03.0614 2620 Ndisuio - ok 15:53:03.0630 2620 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:53:03.0661 2620 NdisWan - ok 15:53:03.0677 2620 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:53:03.0739 2620 NDProxy - ok 15:53:03.0755 2620 [ 
86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:53:03.0786 2620 NetBIOS - ok 15:53:03.0817 2620 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:53:03.0833 2620 NetBT - ok 15:53:03.0848 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 15:53:03.0864 2620 Netlogon - ok 15:53:03.0911 2620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:53:03.0973 2620 Netman - ok 15:53:04.0004 2620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:53:04.0036 2620 netprofm - ok 15:53:04.0067 2620 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:53:04.0082 2620 NetTcpPortSharing - ok 15:53:04.0114 2620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:53:04.0145 2620 nfrd960 - ok 15:53:04.0160 2620 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:53:04.0223 2620 NlaSvc - ok 15:53:04.0238 2620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:53:04.0285 2620 Npfs - ok 15:53:04.0301 2620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:53:04.0332 2620 nsi - ok 15:53:04.0363 2620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:53:04.0379 2620 nsiproxy - ok 15:53:04.0457 2620 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:53:04.0488 2620 Ntfs - ok 15:53:04.0504 2620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:53:04.0550 2620 Null - ok 15:53:04.0597 2620 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 15:53:04.0628 2620 nusb3hub - ok 15:53:04.0660 2620 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 15:53:04.0706 2620 
nusb3xhc - ok 15:53:04.0769 2620 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:53:04.0800 2620 NVHDA - ok 15:53:05.0034 2620 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:53:05.0159 2620 nvlddmkm - ok 15:53:05.0206 2620 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:53:05.0221 2620 nvraid - ok 15:53:05.0221 2620 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:53:05.0237 2620 nvstor - ok 15:53:05.0299 2620 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc C:\Windows\system32\nvvsvc.exe 15:53:05.0315 2620 NVSvc - ok 15:53:05.0393 2620 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:53:05.0440 2620 nvUpdatusService - ok 15:53:05.0455 2620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 15:53:05.0455 2620 nv_agp - ok 15:53:05.0471 2620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:53:05.0502 2620 ohci1394 - ok 15:53:05.0533 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:53:05.0564 2620 p2pimsvc - ok 15:53:05.0596 2620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:53:05.0611 2620 p2psvc - ok 15:53:05.0627 2620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:53:05.0642 2620 Parport - ok 15:53:05.0674 2620 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:53:05.0674 2620 partmgr - ok 15:53:05.0689 2620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:53:05.0720 2620 PcaSvc - ok 15:53:05.0752 2620 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 15:53:05.0767 2620 pci - ok 15:53:05.0783 2620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide 
C:\Windows\system32\DRIVERS\pciide.sys 15:53:05.0783 2620 pciide - ok 15:53:05.0798 2620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:53:05.0814 2620 pcmcia - ok 15:53:05.0830 2620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:53:05.0830 2620 pcw - ok 15:53:05.0861 2620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:53:05.0892 2620 PEAUTH - ok 15:53:05.0970 2620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:53:06.0032 2620 PerfHost - ok 15:53:06.0079 2620 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 15:53:06.0142 2620 pla - ok 15:53:06.0188 2620 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:53:06.0220 2620 PlugPlay - ok 15:53:06.0235 2620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:53:06.0266 2620 PNRPAutoReg - ok 15:53:06.0282 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:53:06.0282 2620 PNRPsvc - ok 15:53:06.0313 2620 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:53:06.0360 2620 PolicyAgent - ok 15:53:06.0391 2620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:53:06.0454 2620 Power - ok 15:53:06.0500 2620 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:53:06.0578 2620 PptpMiniport - ok 15:53:06.0594 2620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:53:06.0610 2620 Processor - ok 15:53:06.0656 2620 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 15:53:06.0688 2620 ProfSvc - ok 15:53:06.0688 2620 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:53:06.0703 2620 ProtectedStorage - ok 15:53:06.0719 2620 [ EE992183BD8EAEFD9973F352E587A299 ] Psched 
C:\Windows\system32\DRIVERS\pacer.sys 15:53:06.0766 2620 Psched - ok 15:53:06.0828 2620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:53:06.0859 2620 ql2300 - ok 15:53:06.0875 2620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:53:06.0875 2620 ql40xx - ok 15:53:06.0906 2620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:53:06.0953 2620 QWAVE - ok 15:53:06.0968 2620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:53:07.0015 2620 QWAVEdrv - ok 15:53:07.0031 2620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:53:07.0062 2620 RasAcd - ok 15:53:07.0078 2620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:53:07.0093 2620 RasAgileVpn - ok 15:53:07.0109 2620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:53:07.0187 2620 RasAuto - ok 15:53:07.0202 2620 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:53:07.0280 2620 Rasl2tp - ok 15:53:07.0312 2620 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 15:53:07.0358 2620 RasMan - ok 15:53:07.0374 2620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:53:07.0452 2620 RasPppoe - ok 15:53:07.0468 2620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:53:07.0483 2620 RasSstp - ok 15:53:07.0514 2620 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:53:07.0561 2620 rdbss - ok 15:53:07.0592 2620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:53:07.0592 2620 rdpbus - ok 15:53:07.0608 2620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:53:07.0639 2620 RDPCDD - ok 15:53:07.0655 2620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD 
15:53:15.0954 2620 ============================================================ 15:53:15.0954 2620 Scan finished 15:53:15.0954 2620 ============================================================ 15:53:15.0970 4240 Detected object count: 0 15:53:15.0970 4240 Actual detected object count: 0 15:53:33.0395 1564 Deinitialize success |
24.03.2013, 17:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Please post the next logs in CODE tags. Then please run Combofix now: Scan with Combofix
24.03.2013, 17:49 | #7 |
| F:\RECYCLER\e621ca05.exe "Please post the next logs in CODE tags" I don't understand that well. The part with Ctrl+A and then Ctrl+C makes sense, but what is meant by "on #"? Press the # key, or what? Because otherwise I don't see anything with #, but when I press # the [code] things don't appear |
24.03.2013, 17:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
24.03.2013, 18:10 | #9 |
| F:\RECYCLER\e621ca05.exe "Click the # symbol in the editor. Two bracket expressions appear." I don't understand that. In the editor, on which # symbol? There isn't one for me. OK, now I've understood it. Code:
ATTFilter ComboFix 13-03-24.03 - basti 24.03.2013 17:57:49.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8191.6700 [GMT 1:00] ausgeführt von:: c:\users\basti\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\basti\AppData\Roaming\E031.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-24 bis 2013-03-24 )))))))))))))))))))))))))))))) . . 2013-03-24 17:02 . 2013-03-24 17:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-24 17:02 . 2013-03-24 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-24 14:53 . 2013-03-04 13:53 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-23 11:31 . 2013-03-23 11:31 -------- d-----w- c:\users\basti\AppData\Roaming\Malwarebytes 2013-03-23 11:31 . 2013-03-24 14:10 -------- d-----w- c:\programdata\Malwarebytes 2013-03-23 11:31 . 2013-03-24 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-23 11:31 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-23 11:30 . 2013-03-23 11:30 -------- d-----w- c:\users\basti\AppData\Local\Programs 2013-03-22 10:58 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-21 00:17 . 2013-03-24 14:13 -------- d-----w- c:\windows\system32\SPReview 2013-03-21 00:16 . 2013-03-21 00:16 -------- d-----w- c:\windows\system32\EventProviders 2013-03-18 12:36 . 2013-03-18 12:36 -------- d-----w- c:\users\basti\AppData\Local\Microsoft_Corporation 2013-03-10 14:46 . 2013-03-10 14:46 -------- d-----w- c:\users\basti\AppData\Local\SKIDROW 2013-03-08 21:36 . 2013-03-08 21:36 -------- d-----w- c:\users\basti\AppData\Local\EA Games 2013-03-04 05:57 . 
2013-03-04 14:09 -------- d-----w- c:\users\basti\AppData\Local\Skyrim 2013-03-03 21:17 . 2013-03-03 21:17 -------- d-----w- c:\users\basti\AppData\Local\Diagnostics 2013-03-03 18:35 . 2013-03-24 16:08 -------- d-----w- c:\program files (x86)\Steam 2013-03-03 18:35 . 2013-03-24 14:13 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-03-03 17:55 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys 2013-03-03 17:54 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll 2013-02-24 21:01 . 2013-03-24 14:13 -------- d-----w- c:\users\basti\AppData\Local\TeknoGods . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 17:50 . 2013-02-13 16:05 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 17:50 . 2013-02-13 16:05 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-25 23:32 . 2013-02-12 20:41 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 23:32 . 2013-02-12 20:42 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 23:32 . 2013-02-12 20:41 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 23:32 . 2012-10-10 20:23 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 23:32 . 2012-10-10 20:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-25 23:32 . 2012-10-10 20:22 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 23:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 23:32 . 2013-02-12 20:42 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-18 08:22 . 2013-02-18 08:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 08:22 . 2013-02-18 08:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 08:22 . 2013-02-18 08:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-17 02:08 . 2013-02-17 02:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-02-17 02:08 . 
2013-02-17 02:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-02-17 02:08 . 2013-02-17 02:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-02-17 02:08 . 2013-02-17 02:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-02-17 02:08 . 2013-02-17 02:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-02-17 02:08 . 2013-02-17 02:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-02-17 02:08 . 2013-02-17 02:08 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-02-17 02:08 . 2013-02-17 02:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-02-17 02:08 . 2013-02-17 02:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-02-17 02:08 . 2013-02-17 02:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-02-17 02:08 . 2013-02-17 02:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-02-17 02:08 . 2013-02-17 02:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-02-17 02:08 . 2013-02-17 02:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-02-17 02:08 . 2013-02-17 02:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-02-17 02:08 . 2013-02-17 02:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-02-17 02:08 . 2013-02-17 02:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-17 02:08 . 2013-02-17 02:08 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-02-17 02:08 . 2013-02-17 02:08 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-02-17 02:08 . 2013-02-17 02:08 82432 ----a-w- c:\windows\system32\icardie.dll 2013-02-17 02:08 . 2013-02-17 02:08 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-02-17 02:08 . 2013-02-17 02:08 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-02-17 02:08 . 2013-02-17 02:08 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-02-17 02:08 . 2013-02-17 02:08 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-02-17 02:08 . 2013-02-17 02:08 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-02-17 02:08 . 
2013-02-17 02:08 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-02-17 02:08 . 2013-02-17 02:08 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-02-17 02:08 . 2013-02-17 02:08 448512 ----a-w- c:\windows\system32\html.iec 2013-02-17 02:08 . 2013-02-17 02:08 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-02-17 02:08 . 2013-02-17 02:08 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-02-17 02:08 . 2013-02-17 02:08 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-02-17 02:08 . 2013-02-17 02:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-02-17 02:08 . 2013-02-17 02:08 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-17 02:08 . 2013-02-17 02:08 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-02-17 02:08 . 2013-02-17 02:08 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-02-17 02:08 . 2013-02-17 02:08 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-02-17 02:08 . 2013-02-17 02:08 222208 ----a-w- c:\windows\system32\msls31.dll 2013-02-17 02:08 . 2013-02-17 02:08 197120 ----a-w- c:\windows\system32\msrating.dll 2013-02-17 02:08 . 2013-02-17 02:08 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-02-17 02:08 . 2013-02-17 02:08 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-02-17 02:08 . 2013-02-17 02:08 160256 ----a-w- c:\windows\system32\wextract.exe 2013-02-17 02:08 . 2013-02-17 02:08 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-02-17 02:08 . 2013-02-17 02:08 149504 ----a-w- c:\windows\system32\occache.dll 2013-02-17 02:08 . 2013-02-17 02:08 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-02-17 02:08 . 2013-02-17 02:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-02-17 02:08 . 2013-02-17 02:08 12288 ----a-w- c:\windows\system32\mshta.exe 2013-02-17 02:08 . 2013-02-17 02:08 114176 ----a-w- c:\windows\system32\admparse.dll 2013-02-17 02:08 . 2013-02-17 02:08 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-17 02:08 . 
2013-02-17 02:08 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-17 02:08 . 2013-02-17 02:08 103936 ----a-w- c:\windows\system32\inseng.dll 2013-02-15 21:11 . 2013-02-15 21:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-15 21:11 . 2013-02-15 21:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-15 21:11 . 2013-02-15 21:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-18 15:00 . 2011-01-06 19:39 6390048 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-18 15:00 . 2011-01-06 19:39 3460896 ----a-w- c:\windows\system32\nvsvc64.dll 2013-01-18 15:00 . 2013-02-17 02:05 2953448 ----a-w- c:\windows\system32\nvcoproc.bin 2013-01-18 15:00 . 2011-01-06 19:38 118560 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-18 15:00 . 2011-01-06 19:38 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-18 15:00 . 2011-01-06 19:38 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-01-18 15:00 . 2011-01-06 19:38 2558240 ----a-w- c:\windows\system32\nvsvcr.dll 2013-01-18 07:15 . 2013-01-18 07:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-01-05 05:57 . 2013-02-13 16:51 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:02 . 2013-02-13 16:51 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:02 . 2013-02-13 16:51 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:41 . 2013-02-13 16:43 1893224 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-04 05:40 . 2013-02-13 16:43 287576 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-01-04 05:37 . 2013-02-13 16:44 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-01-04 05:37 . 2013-02-13 16:44 243200 ----a-w- c:\windows\system32\wow64.dll 2013-01-04 05:37 . 2013-02-13 16:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2013-01-04 05:36 . 2013-02-13 16:44 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 05:33 . 2013-02-13 16:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2013-01-04 05:30 . 
2013-02-13 16:44 424960 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-04 05:30 . 2013-02-13 16:44 1161216 ----a-w- c:\windows\system32\kernel32.dll 2013-01-04 05:27 . 2013-02-13 16:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-04 05:27 . 2013-02-13 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-01-04 05:26 . 2013-02-13 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-04 05:26 . 2013-02-13 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-04 05:26 . 2013-02-13 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-01-04 05:26 . 2013-02-13 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-12-20 20:56 1521952 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2010-12-23 2259568] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-15 1632680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Inhalt des "geplante Tasks" Ordners . 2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 17:50] . 
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job - c:\users\basti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 16:13] . 2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job - c:\users\basti\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 16:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = fbdirecto.net/1/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Ogdkdy - c:\users\basti\AppData\Roaming\Ogdkdy.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-24 18:03:33 ComboFix-quarantined-files.txt 2013-03-24 17:03 . Vor Suchlauf: 23 Verzeichnis(se), 828.121.661.440 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 828.016.369.664 Bytes frei . - - End Of File - - 45CC69C7AC256F698C314D5EEAFDC261 |
25.03.2013, 12:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Afterwards: AdwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
25.03.2013, 16:59 | #11 |
| F:\RECYCLER\e621ca05.exe So, after the restart from AdwCleaner a message came up: c:\User\***\AppData\Roaming\OpenCandy\E90C284E83954476A0218B6AE6EB7205\OCBrowserHelper_1.0.4.106.dll Das angegebene Modul wurde nicht gefunden. Here are the logs: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by basti on 25.03.2013 at 16:28:52,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3127675848-68977983-1399159111-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\basti\AppData\Roaming\opencandy"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2013 at 16:35:05,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter # AdwCleaner v2.115 - Datei am 25/03/2013 um 16:37:47 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : basti - BASTI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\basti\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Users\basti\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\basti\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = 
hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54-9c86-43ea-a352-87eb311fa7a9&searchtype=ds&p={searchTerms}&fr=linkury-tb --> hxxp://www.google.com -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.33] : search_url = "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bcda54[...] ************************* AdwCleaner[S1].txt - [6730 octets] - [25/03/2013 16:37:47] ########## EOF - C:\AdwCleaner[S1].txt - [6790 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 16:45:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Desktop\Anti-Virus Programme 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,47% Memory free 16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 770,76 Gb Free Space | 82,74% Space Free | Partition Type: NTFS Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 931,51 Gb Total Space | 741,69 Gb Free Space | 79,62% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{046041BF-6189-49C0-A122-1951050A9350}" = lport=10243 | protocol=6 | dir=in | app=system | "{0CB99028-99B9-48A5-A258-C91E41F02359}" = rport=10243 | protocol=6 | dir=out | app=system | "{17190016-7837-467A-9B45-2E3695BAC63F}" = lport=445 | protocol=6 | dir=in | app=system | "{254ED800-1AE5-4ED6-BB33-FEBA652D5EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{309D4A84-A3D0-4F9B-8641-D498EE4DC94D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{315A1CCA-2561-4BDC-9A61-2403502EA240}" = rport=445 | protocol=6 | dir=out | app=system | "{4249BBBB-ABD5-4E66-A3C8-DE3238449046}" = lport=139 | protocol=6 | dir=in | app=system | "{5DB3E68D-5377-4682-9452-6B9A5AEDC9DA}" = lport=138 | protocol=17 | dir=in | app=system | "{65ACCD6C-27C6-474E-9ABA-5E0C999808CC}" = rport=137 | protocol=17 | dir=out | app=system | "{75F8A28E-32B5-498F-90AB-020C38172BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{913221AB-7CCF-43D7-9BF5-2E6A750DCF84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93D895B6-6015-415A-9E73-9965110E8966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{993B658F-957F-4264-8BED-C72C7924746D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9E7616E0-4C42-4266-9492-8B019DE53051}" = lport=rpc-epmap | protocol=6 | dir=in 
| svc=rpcss | name=@firewallapi.dll,-28539 | "{A0008364-532F-4A51-891B-00897C8DEAD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B5972BC3-A401-44A1-B16F-43A72877E084}" = lport=137 | protocol=17 | dir=in | app=system | "{B9AD5EB0-316E-46DB-8235-8F2B27027FF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BBE053A5-069E-43F0-B331-722B951E303B}" = rport=138 | protocol=17 | dir=out | app=system | "{C445E835-832E-4A4A-98AC-CA862ED15FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC28F4C1-16B1-4182-929B-47E0F9D0FA2D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E41C9F8C-E2F6-4EDC-A0B5-17249218761E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F096F259-9EBA-41DD-9E09-47364992C98C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F56682DA-8078-4D16-BE63-C8E87DFD7E52}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E3A335-E89E-4E6B-98EC-B1AD758BA9D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{077BB950-5095-4DD0-9673-7A9696415A60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0889DD7A-2D98-45A0-915B-C61FA816ED1B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{0B3EA404-C2A0-4D6E-BC90-BC29161395E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1443C81B-37F4-4882-8F46-5E311C71DE20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{20EE0F13-E7DF-4D06-89B1-4E1EE4CB3BF2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{22AD454C-3A8D-4891-9B25-7E76AF146B0E}" = protocol=17 | 
dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{2B62394D-19B8-43B3-93C8-E73A8303AC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{39F8D502-0EB0-4D15-8800-0E8D04C64A75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3D8A0EE5-C3A2-4132-A571-9D5E1FC001A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4654928D-DBBD-44ED-B838-4CC15BD22938}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4AC9509B-BF3C-42A7-A826-F3AD04FD7BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5EA5E196-2097-44CA-B7FA-DC4FDDA82F30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6FF1B221-31B5-4230-B3BD-99D2A61320EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{82A30414-EB7E-46A8-A356-0567FDDDF826}" = protocol=6 | dir=out | app=system | "{8506E774-041E-484C-90AF-35FD603DF1BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{950C6B7D-EE5E-46EF-A934-4EA86AA30AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{99F6D0C6-A5F0-40EA-A701-8607E8522686}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9C4BA0BE-E823-4872-BD35-8DE2BEEEB15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A7F313FE-0A46-469A-933F-223CCDF10358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D209E725-8A0A-4C63-88B0-152CF3E9A92A}" = protocol=58 | dir=in | app=system | "{DBCB20B5-772D-48A1-9D58-D42CC8A19C9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E423B589-DB6B-42F2-B3B0-D0178607AE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1FC07E5-E83E-4A3F-A595-7FBDCE2280A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F78857FD-670D-4BA3-A311-70FF04C3634D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FC7E7C69-9CC0-4A16-8C73-FB116519B9D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{0E410E0C-DBBA-41A0-B613-4576E9C527F2}C:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5sp.exe | "TCP Query User{18861116-2515-4D7C-BEB4-B01C1CCA9A4B}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | "TCP Query User{3D03630A-5B4F-4A9E-8B4D-6AE4A807F54F}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | "TCP Query User{43D016D6-33A9-408B-BBDB-64BA4BBDA3E3}F:\spiele1\empire earth\empire earth.exe" = protocol=6 | dir=in | app=f:\spiele1\empire earth\empire earth.exe | "TCP Query User{4C880C81-2AD1-4699-B093-A23C11A0575D}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | "TCP Query User{509B228D-C967-414A-B9A0-10595BBEA68F}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin | "TCP Query User{5E48E488-6B58-400B-A25C-2FFDD5101BB9}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | "TCP Query User{606A895A-F030-4CE6-90D5-170DB3B5D20E}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | "TCP Query User{823B1FE6-92F1-4C2A-8554-696ECCF95EE5}F:\metin2\metin2client.bin" = protocol=6 | dir=in | app=f:\metin2\metin2client.bin | "TCP Query User{9579B278-E932-4443-9A93-0EC6FF717AA9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{9EE1A822-EF67-4B7A-B080-0D26F9F7DA75}F:\spiele1\call of duty modern 
warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{6AE8803C-8E99-4C6C-A854-5A4F956D0D4B}F:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\spiele\nfs most wanted\need for speed most wanted\nfs13.exe | "UDP Query User{7A593A2E-C269-4FC3-93C6-CC92D2147C6C}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin | "UDP Query User{8E2EF7D7-4DCC-4386-8E9B-53B777675346}C:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{8FD08008-C20F-4E46-B232-51E260920F51}C:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5sp.exe | "UDP Query User{A42EE3E0-67F5-4158-81B8-C188BA9DD736}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | "UDP Query User{B25C9687-FA2E-43BC-A82F-094DF520884E}F:\spiele1\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5mp.exe | "UDP Query User{C90683E7-6355-4656-BA83-3C6A03875BF1}F:\metin2\metin2client.bin" = protocol=17 | dir=in | app=f:\metin2\metin2client.bin | "UDP Query User{D2E33147-8EB7-4FB1-BF03-54896444572D}F:\spiele1\empire earth\empire earth.exe" = protocol=17 | dir=in | app=f:\spiele1\empire earth\empire earth.exe | "UDP Query User{D552B5F0-F7D9-4677-AF29-754298D021EE}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{D66194BA-8404-42CF-8EB9-5A8740C0033C}F:\spiele1\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=f:\spiele1\call of duty modern warfare 3\iw5sp.exe | "UDP Query User{FD73DD3E-F798-4265-AE53-2AB578AE644D}C:\spiele1\call of duty modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\spiele1\call of duty modern warfare 3\iw5mp_server.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{32A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MySSID_is1" = EXPERTool 7.16 "Need for Speed Most Wanted_is1" = Need for Speed Most Wanted "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 72850" = The Elder Scrolls V: Skyrim "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome < End of report > Code:
ATTFilter OTL logfile created on: 25.03.2013 16:45:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\basti\Desktop\Anti-Virus Programme 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,47% Memory free 16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 770,76 Gb Free Space | 82,74% Space Free | Partition Type: NTFS Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 931,51 Gb Total Space | 741,69 Gb Free Space | 79,62% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\basti\Desktop\Anti-Virus Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Gainward Co.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll () MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll () MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll () MOD - C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - C:\Program Files (x86)\EXPERTool\TBManage.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys (Siliten) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = fbdirecto.net/1/ IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 7A B6 02 62 09 CE 01 [binary data] IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\..\SearchScopes\{0B2E1175-4E0B-46B1-A7D9-F477E60F2122}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=be8393d0-34dd-4927-9451-fe0c977105a7&apn_sauid=B64D5FB6-00F2-48C2-AC9F-5A8A17954E73 IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3127675848-68977983-1399159111-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basti\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\basti\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2013.03.24 18:02:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3127675848-68977983-1399159111-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3127675848-68977983-1399159111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKU\S-1-5-21-3127675848-68977983-1399159111-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2ADC8C-3CCF-4D36-B4BD-CADDCD830F7A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~4\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 16:28:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.25 16:28:24 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.24 18:07:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.24 18:03:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.24 17:56:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.24 17:56:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.24 17:56:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.24 17:56:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.24 17:56:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.24 17:45:04 | 005,044,071 | R--- | C] (Swearware) -- C:\Users\basti\Desktop\ComboFix.exe [2013.03.24 13:35:08 | 000,000,000 | ---D | C] -- C:\Users\basti\Desktop\Anti-Virus Programme [2013.03.23 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Roaming\Malwarebytes [2013.03.23 12:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.23 12:31:05 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Malwarebytes [2013.03.23 12:31:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.23 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.23 12:30:56 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Programs [2013.03.22 11:58:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.21 01:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.21 01:16:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.18 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Microsoft_Corporation [2013.03.14 03:00:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 03:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 03:00:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 03:00:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 03:00:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 03:00:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 03:00:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 03:00:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 03:00:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 
03:00:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 03:00:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 03:00:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.10 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\SKIDROW [2013.03.08 22:36:59 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\EA Games [2013.03.08 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\EA Games [2013.03.04 06:57:17 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Skyrim [2013.03.03 22:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2013.03.03 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\Diagnostics [2013.03.03 20:38:38 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\My Games [2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.03.03 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.03.03 05:25:31 | 000,000,000 | ---D | C] -- C:\Users\basti\Documents\Criterion Games [2013.02.26 00:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.26 00:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.26 00:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.26 00:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.26 00:32:36 | 000,958,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.26 00:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.26 00:32:34 | 002,346,784 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.26 00:32:32 | 000,245,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.26 00:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.26 00:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.26 00:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.26 00:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.26 00:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.26 00:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.26 00:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.26 00:32:04 | 000,201,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.02.24 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\basti\AppData\Local\TeknoGods [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.25 16:48:20 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 16:48:20 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 16:45:02 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.25 16:45:02 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.25 16:45:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.25 16:45:02 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.25 16:45:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.25 16:40:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2013.03.25 16:40:45 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys [2013.03.25 16:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001UA.job [2013.03.24 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 18:02:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.24 17:48:50 | 005,044,071 | R--- | M] (Swearware) -- C:\Users\basti\Desktop\ComboFix.exe [2013.03.24 12:37:25 | 000,000,000 | ---- | M] () -- C:\Users\basti\defogger_reenable [2013.03.23 12:31:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.18 13:33:14 | 000,000,000 | -H-- | M] () -- C:\Users\basti\Documents\Default.rdp [2013.03.14 21:40:08 | 000,002,372 | ---- | M] () -- C:\Users\basti\Desktop\Google Chrome.lnk [2013.03.13 18:50:53 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 18:50:53 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.13 17:03:58 | 000,000,165 | ---- | M] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls [2013.03.08 10:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3127675848-68977983-1399159111-1001Core.job [2013.03.03 22:21:42 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk [2013.03.03 19:35:37 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.26 00:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.26 00:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.02.26 00:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.26 00:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.26 00:32:40 | 
002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.26 00:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.26 00:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.02.26 00:32:38 | 001,107,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.02.26 00:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.26 00:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.26 00:32:36 | 000,958,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.02.26 00:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.26 00:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.26 00:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.02.26 00:32:32 | 000,245,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.26 00:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.26 00:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.26 00:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.02.26 00:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.26 00:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.26 00:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.26 00:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.26 00:32:06 | 009,390,760 | ---- | M] 
(NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.26 00:32:04 | 000,201,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 17:56:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.24 17:56:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.24 17:56:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.24 17:56:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.24 17:56:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.24 12:37:25 | 000,000,000 | ---- | C] () -- C:\Users\basti\defogger_reenable [2013.03.23 12:31:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.18 13:33:14 | 000,000,000 | -H-- | C] () -- C:\Users\basti\Documents\Default.rdp [2013.03.13 17:03:57 | 000,000,165 | ---- | C] () -- C:\Users\basti\Desktop\listen-aacisdn (1).pls [2013.03.03 22:21:42 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk [2013.03.03 19:35:36 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.13 17:36:29 | 000,000,017 | ---- | C] () -- C:\Users\basti\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 
014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
25.03.2013, 19:54 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before that, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
26.03.2013, 02:36 | #13 |
| F:\RECYCLER\e621ca05.exe Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.25.14 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 basti :: BASTI-PC [administrator] 25.03.2013 21:03:05 mbar-log-2013-03-25 (21-03-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27885 Time elapsed: 3 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1b7452194c0a994e8b68b57775895b08 # engine=13483 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-25 10:05:47 # local_time=2013-03-25 11:05:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1799 16775165 100 96 23676 229672437 16463 0 # compatibility_mode=5893 16776574 66 85 116654818 116654818 0 0 # scanned=304043 # found=21 # cleaned=0 # scan_time=6387 sh=ECCAE862016CBB8C05B1CAA98D0FCEA597D777D9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2012-12-30 190000\Backup Files 2012-12-30 190000\Backup files 2.zip" sh=9ED9D9F73154C47CFCE11AE4C6444AC5FF7168E6 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2013-01-13 190000\Backup Files 2013-01-13 190000\Backup files 3.zip" sh=679D5F85D24D96CC7C0FCA6C507CDA4793D865B9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\BASTI-PC\Backup Set 2013-01-27 190006\Backup Files 2013-01-27 190006\Backup files 3.zip" sh=0EF9B862260C0563376901988203C1EB447DEF48 ft=1 fh=ca5630165ecb7221 vn="a variant of Win32/Injector.AEDM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\basti\AppData\Roaming\E031.exe.vir" sh=C2A761E51C5F5C5CD54A6524B991F680523F20BE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\$RECYCLE.BIN.lnk" sh=F18137DD5C527CC3A1C2A462D9E63F49744416BE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\bilder 1.lnk" sh=98BD904AD07343559576C72E94233908323C43CD ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Bilder.lnk" sh=8797AABEEE0F52F70B1CD361B94CF6788605D402 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\filme.lnk" 
sh=95EDCFACEEC9217C573DA2209BEE960202D2BD43 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Firefox.lnk" sh=F39A4483AD95557F05E63EF5FD592F07E071C118 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Metin2.lnk" sh=317C87E43981C737DC35C7B7839D4F8C4175D7ED ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Minecraft ordner.lnk" sh=AAA8CDC464E7A152E2798C031070E1DE343C0D73 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Musik.lnk" sh=E65F78024F86B2C1D8422E89BE9E0B989FB1D570 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\musik12.lnk" sh=6D6326C0527634919F944DE9506EABE4B03016B3 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme 1.lnk" sh=0F12B0BD909B0A6B23E63EF10EA4C42298293F5A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme.lnk" sh=1C94ED2263CF0D89B90F4A091D63FED8DE9B3469 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Programme2.lnk" sh=A2E64620C3226015A0BDB917AA6ED0C79F32933F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Serien.lnk" sh=98F511A82936F615ED78DD46FBF485E458593169 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\Spiele.lnk" sh=3F0F4E18EEC677451C7FC8FC4A72B40E5A851E73 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\spiele1.lnk" sh=7BC9617128898B7B4A74FC741BDBF302FFC8C96E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\System Volume Information.lnk" sh=78D753118491038E3BE30C391772C55C821B8314 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="F:\youtubedownlaoer.lnk" |
26.03.2013, 10:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | F:\RECYCLER\e621ca05.exe Fix with OTL
Code:
:Files
F:\*.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
26.03.2013, 16:43 | #15 |
| F:\RECYCLER\e621ca05.exe How do I know whether or not I have to insert my name for the * in F:\*.Ink? |