|
Log-Analyse und Auswertung: Computer fährt sich automatisch herunter - BackDoor.Generic16.AUUYWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.03.2013, 22:25 | #1 |
| Computer fährt sich automatisch herunter - BackDoor.Generic16.AUUY Hallo, mein Bruder hat mich um Hilfe gebeten, da sich sein Computer seit heute automatisch herunterfährt. Außerdem versetzt das Drücken von shift+rechte maustaste de Computer in den Standby-Modus. Ein Virenscan mit AVG hat einen angeblichen Trojaner (C:\ProgramData\InstallMate\{80AE8830-1204-42C1-A02A-5A265B4DAAC6}\_Setup.dll) BackDoor.Generic16.AUUY erkannt und angeblich auch entfernt. Die Datei stammt aus einem Minecraft-Texturepack (Greenfield). Viele Grüße, Daniel Hier nun die Logfiles der in der Howto aufgeführten Programme, nach dem Virenscan: Code:
ATTFilter OTL logfile created on: 29.03.2013 20:16:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,37% Memory free 15,90 Gb Paging File | 13,70 Gb Available in Paging File | 86,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,87 Gb Total Space | 209,59 Gb Free Space | 71,56% Space Free | Partition Type: NTFS Drive D: | 638,54 Gb Total Space | 634,72 Gb Free Space | 99,40% Space Free | Partition Type: NTFS Drive F: | 977,00 Mb Total Space | 975,27 Mb Free Space | 99,82% Space Free | Partition Type: FAT32 Computer Name: PHILIPP | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.29 20:09:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2013.03.28 14:55:53 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2013.02.22 15:30:32 | 003,818,776 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.02.07 11:05:04 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 11:05:04 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 11:04:54 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.02.07 11:04:44 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.01.26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.03.28 14:55:54 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll MOD - [2013.03.22 20:15:07 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.03.22 20:15:06 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.03.21 07:26:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.03.21 07:25:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.03.21 07:25:54 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.03.21 07:25:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.03.21 07:25:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.03.21 07:25:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.03.21 07:25:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.03.21 07:25:32 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 11:53:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 11:55:58 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlms\wlms.exe -- (WLMS) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.29 13:15:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.26 06:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.22 15:30:32 | 003,818,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.07 11:05:04 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 11:05:04 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 11:04:54 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.07 11:04:44 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 18:20:07 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.09 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.09.21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.just-browse.info/ IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.just-browse.info/?l=1&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.just-browse.info/ IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.just-browse.info/?l=1&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.09 14:27:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.25 16:25:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.25 16:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://websearch.just-browse.info/ CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfpgbkgfmfdjocnpkaofmoeonahfkbg\1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Browse2save) - {8516D315-53C8-533C-489E-E21AB79DB1D6} - C:\ProgramData\Browse2save\50fda15050927.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [BrowserChoice] C:\Windows\SysNative\browserchoice.exe (Microsoft Corporation) O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B38B08-9AA1-4EAE-A5BF-0A6B080E2CA3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll () O20 - AppInit_DLLs: (c:\progra~2\justbr~1\sprote~1.dll) - c:\progra~2\justbr~1\sprote~1.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e572ef49-4eb8-11e2-826d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e572ef49-4eb8-11e2-826d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O33 - MountPoints2\{ec2e5e59-4e89-11e2-8f63-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ec2e5e59-4e89-11e2-8f63-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.27 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish [2013.03.27 11:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clownfish [2013.03.19 22:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.19 22:28:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.08 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.03.03 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [2013.03.03 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager [2013.03.02 12:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.03.02 12:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.03.02 12:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.28 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CrashDumps [2013.02.28 15:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2013.02.28 15:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2013.02.28 15:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2013.02.28 14:17:02 | 000,000,000 | ---D | C] -- C:\Nexon [2013.02.28 14:17:01 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.29 20:13:02 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.03.29 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.29 19:51:36 | 000,011,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 19:51:36 | 000,011,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 19:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.29 19:40:15 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.29 19:40:15 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.29 19:40:15 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.29 19:40:15 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.29 19:40:15 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.29 18:20:22 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.03.29 18:20:07 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.03.29 18:20:00 | 2107,092,991 | -HS- | M] () -- C:\hiberfil.sys [2013.03.29 12:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.03.27 11:44:04 | 000,001,905 | ---- | M] () -- C:\Users\Admin\Desktop\Clownfish.lnk [2013.03.21 07:22:55 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.08 16:03:00 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.03.02 12:01:28 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.03.01 20:31:46 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.03.01 20:31:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.28 15:45:30 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2013.02.28 15:45:30 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.29 20:13:02 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.03.02 12:01:28 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.28 14:17:02 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2013.02.02 22:09:05 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.12.27 22:24:46 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat [2012.12.27 22:24:02 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.25 13:10:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.25 13:07:58 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.25 13:07:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.12.25 13:07:58 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.25 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2013 [2013.02.09 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2013.02.09 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.08 20:38:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Guitar Pro 6 [2013.01.02 21:03:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient [2013.01.21 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SendSpace [2013.02.02 22:09:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tobit [2012.12.25 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.03.2013 20:16:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,37% Memory free 15,90 Gb Paging File | 13,70 Gb Available in Paging File | 86,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,87 Gb Total Space | 209,59 Gb Free Space | 71,56% Space Free | Partition Type: NTFS Drive D: | 638,54 Gb Total Space | 634,72 Gb Free Space | 99,40% Space Free | Partition Type: NTFS Drive F: | 977,00 Mb Total Space | 975,27 Mb Free Space | 99,82% Space Free | Partition Type: FAT32 Computer Name: PHILIPP | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0049FB02-72E2-4995-B31A-59529E76CEA4}" = rport=138 | protocol=17 | dir=out | app=system | "{1A4F74E1-B615-4FA0-97A9-74708F86ECD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23707676-C3D2-4BFA-82AD-4B5E66FC801A}" = lport=139 | protocol=6 | dir=in | app=system | "{2D038262-70B2-46E8-AEE6-270E92AE2BFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3B6DF22D-4CC9-4AB4-840C-F495A8F7EDF9}" = lport=56986 | protocol=17 | dir=in | name=pando media booster | "{5FC1C11E-0A1A-44CF-940C-7350F79A7442}" = lport=56986 | protocol=6 | dir=in | name=pando media booster | "{63F96D04-1158-469C-A96D-BA02A39F371A}" = rport=445 | protocol=6 | dir=out | app=system | "{6D756AE5-28F5-48B6-8D86-796E89241DE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71788C6B-1B5F-40CB-9638-A36F6D5AFA38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{753DDA19-3958-4033-89A5-CF782C9FDC90}" = lport=56986 | protocol=17 | dir=in | name=pando media booster | "{782CECDF-530C-4CFF-A859-F6F2BA150535}" = lport=445 | protocol=6 | dir=in | app=system | "{7B14111E-01E9-4937-8571-3749F2601036}" = lport=137 | protocol=17 | dir=in | app=system | "{807D9FE7-C9A9-4056-A6CD-B40CE1A39B8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{843CBE8B-8B56-4E5D-8AB2-0F6F93A1466B}" = rport=139 | protocol=6 | dir=out | app=system | "{8FFB49C4-F65E-4C9D-AA0A-1C6EED333216}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D2FC9F80-B6EF-4CA3-BD0F-DA752176BEBC}" = rport=137 | protocol=17 | dir=out | app=system | "{E9E18868-274B-4B12-B976-4797DEAA76F7}" = lport=56986 | protocol=6 | dir=in | name=pando media booster | "{F209BDD7-9A62-47D9-897E-E6D0E2EB9383}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0251CA68-EE5C-4A47-A10E-6D25E3BB8425}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0F57559A-A1DF-451C-81B2-16332DA2E9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{11E7F76A-2790-48DB-A47B-E02B2D7EB8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{1831F596-D556-4AC3-959E-F6108F416E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{1D58295B-2300-427C-8E8B-93E468119E55}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{2096098C-96CE-4286-B0E5-78D68A904F5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{25086251-492F-456E-90D2-52900AB559DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{25661D1B-EC19-4C5D-9F7D-695AE6579472}" = protocol=6 | dir=in | app=c:\games\combat arms eu\nmservice.exe | "{28F6121D-AD79-437B-BCA6-684B65F4117D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{29FE5BCE-53A5-4C7C-BB5C-12AAE7649F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{2C5DE991-59D5-40EC-B3AC-701CADA64D30}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{334B4775-0184-4884-B11F-AB36C18C1910}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{36FF03D8-CF9C-44A7-BA03-E507E2AA4488}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | "{4D12F41D-D88A-4524-9761-377E45B7CC01}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{4D61FE3B-5E99-4A42-8612-5ED3DF12709F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{4E5C03BC-AFE0-451F-BEC7-EBD76AB44DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | "{55561E22-C9DE-400B-BD60-FA60771D962E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{5710A352-305E-48E3-8DBA-6269AAA8E627}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | "{5F94517D-8474-4526-9566-03D21724B63C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{5FBC2B45-16A4-4604-A98F-8BD8749279FA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{61AA0478-614B-44B0-B7F4-41FC6EFE2E80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{63D59AA7-E3F3-4C60-93E2-43800725BD3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6524E0B1-5186-4770-BCDF-15663A09DF35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{665EED5F-DBCD-42E9-90C4-6C769FAD0453}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{669EF229-13C8-41D5-8D3C-24067D3A84D7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6A143053-FEB3-4F35-A958-1E8D283DE2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{70CB844F-E45D-402A-AEE6-10EC9DAF4FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{820B99F6-D154-4E55-9F87-267556E775F9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{8616897D-2391-4BF2-BFFA-2E4E057D12D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{86CEADBB-25FE-406D-AFD9-1873F0D2FB1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8AFE5EED-8DB6-42DF-AE8A-1A106A4AD149}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{8BA44ADB-70F2-4B09-A02A-6E7F50A22CC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{94E0C500-E955-4481-BABE-40F8C64EB1DB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A0FED40F-0619-49F7-9C06-E9E242AF5350}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{AAD538B2-4F88-4460-AD4D-73D4D0934EFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AD726609-7E56-4EB3-A59A-5AE0AE43E5B7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AEE6F049-4BE2-4C3A-B414-B32BFFCDFC4C}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{B2735BF8-3D36-4C66-B057-860FAB884D4F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{B527C61C-D567-4793-B901-294477071632}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{BFC27B24-9780-4940-BB33-D8B74EA6B966}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C1E446CD-052A-457D-A255-BF163F33C83F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe | "{C446AC5C-F6AD-4CD4-947E-B7153880B3A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{CFF563E9-5CAF-42D9-8570-4EFCA5D26D90}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{D7BCF390-4FA6-41D9-9BA8-5545C60AADA9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DE472750-4775-4CAD-87BD-33AE76B1769A}" = protocol=17 | dir=in | app=c:\games\combat arms eu\nmservice.exe | "{E1DFC65F-926D-41D4-A175-87092330719C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{EA1898C1-3B0B-4EA0-BF21-FDE4881581CB}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{ECA1C595-0181-4471-8FA0-87499A0A28F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F1700C0B-E46B-4A92-8CAB-2452888373A0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{F2B36DB9-34E8-4F25-A237-52B848F9EDC2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F65D0D31-6ACF-4B4D-A02C-11BDDDFD5B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{FAC1B23A-2605-46BA-96FD-CF93C4C11C24}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{FB8EEF44-846A-435D-B32D-7408395F0515}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{FCA53F8B-451F-4B8C-888B-D14478B98715}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "TCP Query User{04F90FB9-42F3-4D0E-B9F9-E123335E7161}C:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe | "TCP Query User{11F95E23-AB42-435C-BFF1-BFC769E07334}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{6CD11F22-8BAC-43EA-9A0D-8EE62E0EEAA8}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "TCP Query User{883BE1C2-4F18-419D-9D68-24C15EC968C6}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "TCP Query User{9B274D0A-1EA6-4B88-B3AA-881725D817A7}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "TCP Query User{A46F1F0F-E4E3-47FA-AF5C-89B83FB123D8}C:\games\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\games\metin2\metin2client.bin | "TCP Query User{B9049984-B4FA-4D78-BECB-5EEF6A623B80}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "TCP Query User{C8BDC9DB-EC7B-4029-A0C6-1E65BC285125}C:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\games\tera\tera-launcher.exe | "TCP Query User{CF49FA14-0EEC-44CA-8A89-C9FA5DAD0A49}C:\games\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\games\combat arms eu\engine.exe | "TCP Query User{E29E5EC1-2EC2-48F6-AEBE-A2C6BD232C1D}C:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe | "TCP Query User{E5997DCC-973E-43A7-A2E1-231218701114}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{E92B1E5C-2791-495F-8303-1CADD05138D2}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EE17D420-B0CE-45FF-8F8C-D1B1697E22A1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{1FD88EA7-6BF4-49C6-BF6B-82A4ED0E4983}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{44EA7F7D-99B5-445E-B98D-BC3637BEED8D}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "UDP Query User{89E2ACF1-FA8A-4839-833C-73C64A6BBE3B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{8B744039-51A6-40E7-90BE-CA0522C39A0E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{9F63357D-DF31-4796-B9E7-B0E3DF0EDF24}C:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe | "UDP Query User{9F7880EA-9B18-490D-831C-5313794016DA}C:\games\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\games\combat arms eu\engine.exe | "UDP Query User{9F7C3717-3E8D-489A-8A67-ABB03D4071A2}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "UDP Query User{A029664C-62DA-4891-9D15-59429C475A4A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{D33ABA59-9E7F-4D4E-B13B-B44EFE339A69}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{DD48D7C3-3298-4AB8-9DE5-A6CAC181E20A}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "UDP Query User{DFE739AC-7337-4202-B11A-827DE64653E5}C:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\games\tera\tera-launcher.exe | "UDP Query User{FB98BACD-9F0D-42E6-A7C0-0C36182A28E4}C:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\philipp\documents\informatik\mysqlporable\mysqlportable\mysql\bin\mysqld.exe | "UDP Query User{FBC26082-0BF3-4FAE-A0FB-8EA4C5AF0417}C:\games\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\games\metin2\metin2client.bin | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06CB0DD1-71A5-F352-E0A9-FE6016380A8F}" = AMD Drag and Drop Transcoding "{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64 "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition) "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F2CD25EB-2FC9-4D58-812A-32BBFBF06186}" = AVG 2013 "{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager "{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "AVG" = AVG 2013 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch "{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek "{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish "{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian "{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French "{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common "{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional "{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = Catalyst Control Center "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard "{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian "{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean "{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = Browse2save "{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish "{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All "{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian "{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Blockscape_is1" = Blockscape Phase 1 (beta) "Clownfish" = Clownfish for Skype "ESN Sonar-0.70.4" = ESN Sonar "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "LogMeIn Hamachi" = LogMeIn Hamachi "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "SP_c22b9000" = Search Assistant JustBrowse 1.66 "SP_f2a323db" = BrowseToSave 1.66 "Steam App 72850" = The Elder Scrolls V: Skyrim "TmUnitedForever_is1" = TmUnitedForever "Tobit Radio.fx Server" = Radio.fx ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.03.2013 03:54:21 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 28.03.2013 06:24:15 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 06:03:58 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 12:06:51 | Computer Name = Philipp | Source = Application Hang | ID = 1002 Description = Programm TESV.exe, Version 1.9.32.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1470 Startzeit: 01ce2c9758ed3268 Endzeit: 26 Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe Berichts-ID: a7ecb752-988a-11e2-8816-bc5ff45eb259 Error - 29.03.2013 12:10:54 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 12:32:04 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 12:38:58 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 12:55:22 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 13:06:31 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = Error - 29.03.2013 13:20:07 | Computer Name = Philipp | Source = ISCT Agent | ID = 1003 Description = [ System Events ] Error - 29.03.2013 12:54:32 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 12:55:22 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 12:55:22 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:04:29 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:06:29 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:06:32 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:18:45 | Computer Name = Philipp | Source = DCOM | ID = 10010 Description = Error - 29.03.2013 13:18:50 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:20:06 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 29.03.2013 13:20:09 | Computer Name = Philipp | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report > Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-29 21:55:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC43 931,51GB Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxldapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[2168] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000747e87b1 5 bytes JMP 000000010065e550 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1228:1572] 000007fef9dd331c Thread C:\Windows\System32\svchost.exe [1228:3732] 000007fef56520c0 Thread C:\Windows\System32\svchost.exe [1228:3740] 000007fef56526a8 Thread C:\Windows\System32\svchost.exe [1228:2552] 000007fef8db44e0 Thread C:\Windows\System32\svchost.exe [1228:5148] 000007fef56529dc Thread C:\Windows\System32\svchost.exe [1228:5732] 000007fef8dcd710 Thread C:\Windows\System32\svchost.exe [1228:4936] 000007fee87d14a0 Thread C:\Windows\System32\svchost.exe [1228:5020] 000007fef7c4a2b0 Thread C:\Windows\System32\svchost.exe [1228:524] 000007fef90d88f8 Thread C:\Windows\System32\spoolsv.exe [1840:2964] 000007fef74e10c8 Thread C:\Windows\System32\spoolsv.exe [1840:2956] 000007fef74b6144 Thread C:\Windows\System32\spoolsv.exe [1840:3024] 000007fef70d5fd0 Thread C:\Windows\System32\spoolsv.exe [1840:3056] 000007fef70c3438 Thread C:\Windows\System32\spoolsv.exe [1840:3052] 000007fef70d63ec Thread C:\Windows\System32\spoolsv.exe [1840:3060] 000007fef7a95e5c Thread C:\Windows\system32\taskhost.exe [1788:1800] 000007fefa601010 Thread C:\Windows\system32\taskhost.exe [1788:3084] 000007fef6e31f38 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4464:4764] 000007fefac32a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4464:3812] 000007fef8f65124 ---- EOF - GMER 2.1 ---- Geändert von das.t (29.03.2013 um 22:40 Uhr) Grund: kleinere Korrekturen |
30.03.2013, 16:29 | #2 |
/// Helfer-Team | Computer fährt sich automatisch herunter - BackDoor.Generic16.AUUYDie Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.just-browse.info/?l=1&q={searchTerms} IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.just-browse.info/?l=1&q={searchTerms} :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\Admin\*.tmp C:\Users\Admin\AppData\*.dll C:\Users\Admin\AppData\*.exe C:\Users\Admin\AppData\Local\Temp\*.exe C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade Dir bitte Malwarebytes Anti-Malware
danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
25.05.2013, 18:23 | #3 |
/// Helfer-Team | Computer fährt sich automatisch herunter - BackDoor.Generic16.AUUY Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
Themen zu Computer fährt sich automatisch herunter - BackDoor.Generic16.AUUY |
7-zip, adobe reader xi, bho, computer, converter, downloader, dvdvideosoft ltd., error, firefox, flash player, google, helper, homepage, install.exe, launch, maus, metin2, mozilla, mp3, nexus, object, origin, pando media booster, plug-in, realtek, registry, scan, security, server, sich automatisch, software, svchost.exe, taskhost.exe, trojaner, usb, visual studio, windows |