| |
| |||||||
Log-Analyse und Auswertung: ZeroAccess.hiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.05.2013, 20:35
| #1 |
| |  ZeroAccess.hi Habe seit heute den Trojaner ZeroAccess.hi auf meinen PC. Mein Virenscanner sagt mir, er sitzt im verzeichnis C:\Windows\assembly\GAC_64\Desktop.ini. Mein PC war auch gesperrt, konnte das aber mit hilfe der systemwiederherstellung beheben. Mein virenprogarmm ist McAfee. Ich habe auch gleich die txt dateien von OTL gemacht, nur bei GMER ging das mit save nicht, bin auf copy und habe das in einem textdokument gespeichert, falls euch das auch hilft. OTL: Code:
ATTFilter OTL logfile created on: 07.05.2013 19:49:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dani\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,05% Memory free 15,96 Gb Paging File | 13,86 Gb Available in Paging File | 86,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439,35 Gb Total Space | 21,71 Gb Free Space | 4,94% Space Free | Partition Type: NTFS Drive D: | 492,06 Gb Total Space | 490,48 Gb Free Space | 99,68% Space Free | Partition Type: NTFS Drive E: | 3,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: COMPUTTAAAAA | User Name: Dani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.07 19:45:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe PRC - [2013.05.07 19:43:39 | 000,050,477 | ---- | M] () -- C:\Users\Dani\Downloads\Defogger.exe PRC - [2013.04.25 21:55:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.03.23 03:56:36 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Dani\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013.03.23 03:56:36 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe PRC - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2013.02.15 15:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe PRC - [2013.02.15 15:27:48 | 000,366,456 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe PRC - [2013.02.15 15:27:38 | 000,260,472 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe PRC - [2013.02.15 15:27:36 | 000,376,696 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.04.13 13:19:00 | 000,138,032 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe PRC - [2012.04.13 13:18:36 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe PRC - [2012.04.13 12:32:10 | 000,113,456 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.04.27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2007.02.09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe PRC - [2007.02.09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ========== Modules (No Company Name) ========== MOD - [2013.05.07 19:43:39 | 000,050,477 | ---- | M] () -- C:\Users\Dani\Downloads\Defogger.exe MOD - [2013.05.07 19:26:15 | 000,013,600 | ---- | M] () -- C:\Users\Dani\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013.03.22 17:25:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\524aef253597aa414604c57f76f33f0b\IAStorUtil.ni.dll MOD - [2013.03.22 17:25:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\024f03e7c3149af74b266185a031bdcf\IAStorCommon.ni.dll MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.07.14 06:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009.07.14 06:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009.07.14 06:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009.07.14 06:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll MOD - [2009.07.14 06:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009.07.14 06:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009.07.14 06:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009.07.14 06:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2009.06.10 23:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009.06.10 23:23:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2009.06.10 23:23:18 | 003,178,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2009.06.10 23:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2007.02.09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe MOD - [2007.02.09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe MOD - [2007.02.09 13:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV:64bit: - [2013.02.19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2010.08.12 16:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV - [2013.04.27 21:03:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.25 21:55:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2013.02.15 15:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.04.13 13:19:00 | 000,138,032 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC) SRV - [2012.04.13 13:18:36 | 000,133,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon) SRV - [2012.04.13 12:32:10 | 000,113,456 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.04.13 12:31:32 | 000,020,784 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV:64bit: - [2011.10.15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.01 15:14:34 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.09.21 15:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2010.09.21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.31 07:07:04 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013.02.15 15:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.helpmefindyour.info/?pid=658&r=2013/04/17&hid=3985326408&lg=EN&cc=DE IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/17&hid=3985326408&lg=EN&cc=DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119816&tt=180413_ctrl&babsrc=HP_ss&mntrId=C0381078D2C904B9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F D2 47 AE 70 35 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=ds&q={searchTerms}&installDate=12/04/2013 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=180413_ctrl&babsrc=SP_ss&mntrId=C0381078D2C904B9 IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=658&r=2013/04/17&hid=3985326408&lg=EN&cc=DE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.07 18:32:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.27 16:29:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.07 16:23:34 | 000,000,000 | ---D | M] [2013.04.27 16:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions [2013.04.27 16:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\8e52xovi.default\extensions [2013.04.27 16:30:59 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\8e52xovi.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack [2013.04.27 16:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.07 18:32:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=cdb0d5c8-7d18-4be0-8750-9e90f3454f6e&searchtype=hp&installDate={installDate} CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.1_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpbbclmolkgbdojmlplhehmcbjolenp\1\ CHR - Extension: No name found = C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (BBrowsee2sauvee) - {69A6EE1E-20F8-F862-A72D-D7D721691C5B} - C:\ProgramData\BBrowsee2sauvee\516f0288dbea8.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software) O4 - HKCU..\Run: [icq] C:\Users\Dani\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [razorp] C:\Users\Dani\AppData\Roaming/Windows/razorp.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{565C2E07-BAFF-4670-B065-9DAFFE632257}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.25 17:50:52 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ] O32 - AutoRun File - [2006.09.25 18:01:39 | 004,386,816 | R--- | M] () - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2006.09.25 18:01:39 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{9b974da4-9305-11e2-83fc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9b974da4-9305-11e2-83fc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006.09.25 18:01:39 | 004,386,816 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 19:45:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe [2013.05.07 19:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\Neuer Ordner [2013.05.07 19:39:39 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\programme [2013.05.07 19:38:46 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\torchlight [2013.05.07 19:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.05.07 16:23:35 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [2013.05.07 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com [2013.05.07 16:23:16 | 000,010,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys [2013.05.07 16:23:08 | 000,515,968 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys [2013.05.07 16:23:08 | 000,309,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys [2013.05.07 16:23:08 | 000,106,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys [2013.05.07 16:23:08 | 000,070,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys [2013.05.07 16:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2013.05.07 16:12:49 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013.05.07 15:52:31 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\McAfee [2013.05.07 15:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2013.05.07 15:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2013.05.07 15:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2013.05.07 15:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2013.05.07 15:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.05.07 01:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WestwoodOnline [2013.05.07 01:20:10 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.07 01:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy [2013.05.07 01:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy [2013.05.07 01:17:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2013.05.07 01:15:52 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\Battlefield 2142 [2013.05.07 01:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2013.05.07 01:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2013.05.06 23:40:45 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\Command and Conquer 3 Kanes Wrath [2013.05.06 23:33:57 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Command and Conquer 3 Kanes Wrath [2013.05.02 10:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.05.02 10:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.05.02 10:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2013.04.27 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Local\Macromedia [2013.04.27 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Mozilla [2013.04.27 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Local\Mozilla [2013.04.27 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.27 16:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.26 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\Command and Conquer 3 Tiberium Wars [2013.04.26 00:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery [2013.04.26 00:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery [2013.04.26 00:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomsoft Password Recovery [2013.04.26 00:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomsoft [2013.04.25 01:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.23 15:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Generals and Zero Hour [2013.04.23 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\Command and Conquer Generals Zero Hour Data [2013.04.23 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\Command and Conquer Generals Data [2013.04.23 14:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.04.23 13:39:09 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll [2013.04.23 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Local\Dxtory Software [2013.04.23 13:17:46 | 008,043,008 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec.dll [2013.04.23 13:17:46 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll [2013.04.23 13:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0 [2013.04.23 13:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software [2013.04.23 11:50:13 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\uTorrent [2013.04.20 09:36:40 | 000,000,000 | ---D | C] -- C:\Users\Dani\Local Settings [2013.04.20 09:36:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.20 09:36:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.20 09:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.20 09:35:43 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Babylon [2013.04.20 09:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.04.19 19:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torchlight 2 [2013.04.19 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2013.04.19 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Windows [2013.04.19 19:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.04.18 01:19:11 | 000,000,000 | ---D | C] -- C:\Users\Dani\Documents\My Games [2013.04.18 01:13:47 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torchlight 2 [2013.04.18 01:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe [2013.04.17 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave [2013.04.17 22:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowsee2sauvee [2013.04.17 22:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BBrowsee2sauvee [2013.04.17 22:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.04.17 13:55:31 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Command and Conquer 3 Tiberium Wars [2013.04.13 10:17:25 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\pics [2013.04.12 09:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2013.04.12 09:47:09 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\OpenCandy [2013.04.12 02:24:41 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Local\ElevatedDiagnostics [2013.04.10 16:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2013.04.10 16:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks [2013.04.10 16:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup [2013.04.10 16:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2013.04.09 08:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer 3 Tiberium Wars and Kane's Wrath ========== Files - Modified Within 30 Days ========== [2013.05.07 19:45:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe [2013.05.07 19:44:54 | 000,000,000 | ---- | M] () -- C:\Users\Dani\defogger_reenable [2013.05.07 19:32:53 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 19:32:53 | 000,015,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 19:31:09 | 001,646,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.07 19:31:09 | 000,709,156 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.07 19:31:09 | 000,662,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.07 19:31:09 | 000,153,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.07 19:31:09 | 000,125,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 19:29:18 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2013.05.07 19:25:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.07 19:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.07 19:24:55 | 2133,766,143 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 19:20:34 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.07 19:20:34 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.07 19:19:56 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.07 19:19:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.07 19:15:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.07 18:21:46 | 000,584,192 | ---- | M] () -- C:\Users\Dani\AppData\Roaming\k9yWS93.exe [2013.05.07 16:05:47 | 000,275,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.07 01:17:30 | 001,672,858 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.27 16:32:01 | 000,029,710 | ---- | M] () -- C:\Users\Dani\Documents\cc_20130427_163149.reg [2013.04.27 16:29:17 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.25 21:55:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.04.25 21:50:22 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2013.04.25 01:40:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 14:03:46 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.04.23 13:41:28 | 000,004,891 | ---- | M] () -- C:\Windows\unins000.dat [2013.04.23 13:41:27 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe [2013.04.23 13:39:09 | 000,001,182 | ---- | M] () -- C:\Users\Dani\Desktop\Dxtory.lnk [2013.04.22 12:34:27 | 000,000,328 | ---- | M] () -- C:\Users\Dani\Desktop\Neues Textdokument.rar [2013.04.13 10:12:42 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2013.04.12 09:47:10 | 000,001,051 | ---- | M] () -- C:\Users\Dani\Desktop\Orbit.lnk [2013.04.11 03:15:35 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.10 16:12:15 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk [2013.04.10 12:04:08 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk ========== Files Created - No Company Name ========== [2013.05.07 19:44:54 | 000,000,000 | ---- | C] () -- C:\Users\Dani\defogger_reenable [2013.05.07 18:23:14 | 000,584,192 | ---- | C] () -- C:\Users\Dani\AppData\Roaming\k9yWS93.exe [2013.05.07 16:23:45 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2013.04.27 16:31:52 | 000,029,710 | ---- | C] () -- C:\Users\Dani\Documents\cc_20130427_163149.reg [2013.04.27 16:29:17 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.27 16:29:17 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.25 21:50:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2013.04.25 01:11:57 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 14:03:46 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.04.23 13:41:28 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2013.04.23 13:35:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2013.04.23 13:35:22 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll [2013.04.23 13:35:22 | 000,004,891 | ---- | C] () -- C:\Windows\unins000.dat [2013.04.23 13:17:46 | 000,001,182 | ---- | C] () -- C:\Users\Dani\Desktop\Dxtory.lnk [2013.04.22 12:34:27 | 000,000,328 | ---- | C] () -- C:\Users\Dani\Desktop\Neues Textdokument.rar [2013.04.19 19:18:25 | 001,672,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.13 10:12:42 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2013.04.12 09:47:10 | 000,001,051 | ---- | C] () -- C:\Users\Dani\Desktop\Orbit.lnk [2013.04.10 16:12:15 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk [2013.03.23 04:44:07 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.23 04:44:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.22 18:36:01 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2013.03.22 17:29:31 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2013.03.22 17:15:28 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== ZeroAccess Check ========== [2009.07.14 03:43:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b22dc920-6f04-65aa-3977-5b55eb1b98d8}\@ [2013.05.07 18:31:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b22dc920-6f04-65aa-3977-5b55eb1b98d8}\L [2013.05.07 19:52:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b22dc920-6f04-65aa-3977-5b55eb1b98d8}\U [2013.05.07 19:49:07 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{b22dc920-6f04-65aa-3977-5b55eb1b98d8}\L\00000004.@ [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.05.07 19:24:58 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.05.07 19:24:58 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.25 02:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\.minecraft [2013.04.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Babylon [2013.03.26 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Broad Intelligence [2013.05.06 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Command and Conquer 3 Kanes Wrath [2013.04.26 16:01:37 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Command and Conquer 3 Tiberium Wars [2013.03.22 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\DisplayTune [2013.03.23 12:22:43 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\DVDVideoSoft [2013.03.26 00:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\GrabPro [2013.03.22 18:20:59 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\ICQ-Profile [2013.03.22 18:15:50 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\ICQM [2013.04.12 09:47:09 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\OpenCandy [2013.04.25 01:13:04 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Orbit [2013.05.06 23:25:43 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Origin [2013.03.26 00:16:27 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\ProgSense [2013.05.07 19:46:39 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\TS3Client [2013.04.27 16:31:35 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\uTorrent [2013.04.19 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Windows [2013.05.07 19:26:17 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.05.2013 19:49:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dani\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,05% Memory free
15,96 Gb Paging File | 13,86 Gb Available in Paging File | 86,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439,35 Gb Total Space | 21,71 Gb Free Space | 4,94% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 490,48 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 3,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: COMPUTTAAAAA | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.051
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C61B19B4-A0C3-47C4-A52F-E8E11DF83B42}" = BrowseToSave
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.15.4
"Logitech Unifying" = Logitech Unifying-Software 2.10
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01011662-76A8-41E8-B1A8-4F8821570AC5}" = Advanced Archive Password Recovery
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{35A2FE53-CC80-4D17-941F-3A7C82824FC7}" = Command & Conquer™ 3 Tiberium Wars and Kane's Wrath
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F0F5689-6900-425B-A8C2-0DBD10DAB694}" = Command & Conquer™: Generals and Zero Hour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" =
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD9D0827-A6D6-4E2C-B31E-23F01577E27B}" = BlueStacks Notification Center
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E883ECE4-1189-413A-894D-B7C4B17F0607}" = Ralink RT2860 Wireless LAN Card
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"bi_uninstaller" = Bundled software uninstaller
"BlueStacks App Player" = BlueStacks App Player
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Dxtory2.0_is1" = Dxtory version 2.0.111
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"MediaCoder" = MediaCoder 0.8.19.5372
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SP_f2a323db" =
"uTorrent" = µTorrent
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 6008, für aktuellen Benutzer)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.05.2013 12:27:13 | Computer Name = Computtaaaaa | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 78c Startzeit: 01ce4b2bfbf9be0b Endzeit: 8 Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
f6d45982-b732-11e2-9f60-1078d2c904b9
Error - 07.05.2013 12:28:44 | Computer Name = Computtaaaaa | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 7788 (0x1e6c) Thread address : 0x00000000660C1FF5 Thread message : Build VSCORE.15.1.0.520
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Users\Dani\AppData\Roaming\ICQM\icq.exe
by C:\Windows\explorer.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)
Error - 07.05.2013 12:29:52 | Computer Name = Computtaaaaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTHtml.exe, Version: 1.1.37.7, Zeitstempel:
0x4f8878d6 Name des fehlerhaften Moduls: pdi_nv_legacy.dll, Version: 1.0.0.1, Zeitstempel:
0x48473a21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001927 ID des fehlerhaften Prozesses:
0x998 Startzeit der fehlerhaften Anwendung: 0x01ce4b4014d193ff Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll
Berichtskennung:
577ab0c8-b733-11e2-bda3-1078d2c904b9
Error - 07.05.2013 12:41:23 | Computer Name = Computtaaaaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTHtml.exe, Version: 1.1.37.7, Zeitstempel:
0x4f8878d6 Name des fehlerhaften Moduls: pdi_nv_legacy.dll, Version: 1.0.0.1, Zeitstempel:
0x48473a21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001927 ID des fehlerhaften Prozesses:
0x948 Startzeit der fehlerhaften Anwendung: 0x01ce4b41aa630be1 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll
Berichtskennung:
f35d2fe8-b734-11e2-935b-1078d2c904b9
Error - 07.05.2013 12:48:35 | Computer Name = Computtaaaaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTHtml.exe, Version: 1.1.37.7, Zeitstempel:
0x4f8878d6 Name des fehlerhaften Moduls: pdi_nv_legacy.dll, Version: 1.0.0.1, Zeitstempel:
0x48473a21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001927 ID des fehlerhaften Prozesses:
0xb08 Startzeit der fehlerhaften Anwendung: 0x01ce4b42ad9c710f Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll
Berichtskennung:
f4b1533b-b735-11e2-96fa-1078d2c904b9
Error - 07.05.2013 13:17:38 | Computer Name = Computtaaaaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dthtml.exe, Version: 1.1.37.7, Zeitstempel:
0x4f8878d6 Name des fehlerhaften Moduls: pdi_nv_legacy.dll, Version: 1.0.0.1, Zeitstempel:
0x48473a21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001927 ID des fehlerhaften Prozesses:
0x1a80 Startzeit der fehlerhaften Anwendung: 0x01ce4b46bfcfe415 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll
Berichtskennung:
03cc7781-b73a-11e2-96fa-1078d2c904b9
Error - 07.05.2013 13:24:18 | Computer Name = Computtaaaaa | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3408 (0xd50) Thread address : 0x000000007366C2CC Thread message : Build VSCORE.15.1.0.520
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Users\Dani\AppData\Roaming\ICQM\icq.exe
by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)
Error - 07.05.2013 13:25:37 | Computer Name = Computtaaaaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTHtml.exe, Version: 1.1.37.7, Zeitstempel:
0x4f8878d6 Name des fehlerhaften Moduls: pdi_nv_legacy.dll, Version: 1.0.0.1, Zeitstempel:
0x48473a21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001927 ID des fehlerhaften Prozesses:
0xb9c Startzeit der fehlerhaften Anwendung: 0x01ce4b47d413b064 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv_legacy.dll
Berichtskennung:
2179f1af-b73b-11e2-9938-1078d2c904b9
Error - 07.05.2013 13:49:06 | Computer Name = Computtaaaaa | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3312 (0xcf0) Thread address : 0x0000000073F95445 Thread message : Build VSCORE.15.1.0.520
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Users\Dani\AppData\Roaming\ICQM\icq.exe
by C:\Users\Dani\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 07.05.2013 13:49:06 | Computer Name = Computtaaaaa | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: be4 Startzeit:
01ce4b4ad5666bd4 Endzeit: 35911 Anwendungspfad: C:\Users\Dani\Desktop\OTL.exe Berichts-ID:
50fe0906-b73e-11e2-9938-1078d2c904b9
[ System Events ]
Error - 07.05.2013 13:25:08 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ESL Wire Helper Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.05.2013 13:25:09 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:25:09 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 07.05.2013 13:25:12 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:25:13 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:27:34 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:27:34 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:27:34 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:27:34 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
Error - 07.05.2013 13:49:07 | Computer Name = Computtaaaaa | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-07 20:54:48
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MS2O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dani\AppData\Local\Temp\pgryqkod.sys
---- User code sections - GMER 2.1 ----
.reloc C:\Windows\system32\services.exe [804] section is executable [0x4A8, 0xA0000020] 0000000100052000
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076281401 2 bytes JMP 773feb26 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076281419 2 bytes JMP 7740b513 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076281431 2 bytes JMP 77488609 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007628144a 2 bytes CALL 773e1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762814dd 2 bytes JMP 77487efe C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762814f5 2 bytes JMP 774880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007628150d 2 bytes JMP 77487df4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076281525 2 bytes JMP 774881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007628153d 2 bytes JMP 773ff088 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076281555 2 bytes JMP 7740b885 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007628156d 2 bytes JMP 774886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076281585 2 bytes JMP 77488222 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007628159d 2 bytes JMP 77487db8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762815b5 2 bytes JMP 773ff121 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762815cd 2 bytes JMP 7740b29f C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762816b2 2 bytes JMP 77488584 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\AppData\Roaming\ICQM\icq.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762816bd 2 bytes JMP 77487d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2692] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000776d0420 5 bytes JMP 000000016b39b440
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2692] C:\Windows\system32\kernel32.dll!LoadLibraryA 00000000776d0bc0 5 bytes JMP 000000016b39b320
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000729617fa 2 bytes CALL 773e1199 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072961860 2 bytes CALL 773e1199 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072961942 2 bytes JMP 7622c29f C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007296194d 2 bytes JMP 7622418d C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076281401 2 bytes JMP 773feb26 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076281419 2 bytes JMP 7740b513 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076281431 2 bytes JMP 77488609 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007628144a 2 bytes CALL 773e1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762814dd 2 bytes JMP 77487efe C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762814f5 2 bytes JMP 774880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007628150d 2 bytes JMP 77487df4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076281525 2 bytes JMP 774881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007628153d 2 bytes JMP 773ff088 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076281555 2 bytes JMP 7740b885 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007628156d 2 bytes JMP 774886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076281585 2 bytes JMP 77488222 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007628159d 2 bytes JMP 77487db8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762815b5 2 bytes JMP 773ff121 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762815cd 2 bytes JMP 7740b29f C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762816b2 2 bytes JMP 77488584 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762816bd 2 bytes JMP 77487d4d C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076281401 2 bytes JMP 773feb26 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076281419 2 bytes JMP 7740b513 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076281431 2 bytes JMP 77488609 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007628144a 2 bytes CALL 773e1dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762814dd 2 bytes JMP 77487efe C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762814f5 2 bytes JMP 774880d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007628150d 2 bytes JMP 77487df4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076281525 2 bytes JMP 774881c2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007628153d 2 bytes JMP 773ff088 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076281555 2 bytes JMP 7740b885 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007628156d 2 bytes JMP 774886c1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076281585 2 bytes JMP 77488222 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007628159d 2 bytes JMP 77487db8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762815b5 2 bytes JMP 773ff121 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762815cd 2 bytes JMP 7740b29f C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762816b2 2 bytes JMP 77488584 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Dani\Downloads\Defogger.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762816bd 2 bytes JMP 77487d4d C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [804:848] 0000000000131e58
Thread C:\Windows\system32\services.exe [804:916] 0000000000374c70
Thread C:\Windows\system32\services.exe [804:936] 0000000000374550
Thread C:\Windows\system32\services.exe [804:940] 0000000000378ea0
Thread C:\Windows\system32\services.exe [804:1760] 0000000000b51808
---- Processes - GMER 2.1 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [736] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [824] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [640] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [952] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1088] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1292] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1432] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1720] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:12:34) 00000000725c0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [1808] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:12:34) 00000000725c0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Bonjour\mDNSResponder.exe [1160] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [2512] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:12:34) 00000000725c0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2844] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [3052] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2220] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:12:34) 00000000725c0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [2492] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:12:34) 00000000725c0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [3480] (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation)(2009-07-13 23:21:39) 000007fefd660000
---- Files - GMER 2.1 ----
File C:\ProgramData\McAfee\VirusScan\Quarantine\7dd57142f102b00.bup 0 bytes
File C:\ProgramData\McAfee\VirusScan\Quarantine\7dd57142f142cc0.bup 0 bytes
File C:\ProgramData\McAfee\VirusScan\Quarantine\7dd57142f1c2cc0.bup 0 bytes
File C:\ProgramData\McAfee\VirusScan\Quarantine\7dd57142fb1ad0.bup 0 bytes
---- EOF - GMER 2.1 ----
|
|
07.05.2013, 20:57
| #2 |
| /// TB-Ausbilder  | ZeroAccess.hi!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Lesestoff: Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
Teile mir also mit, wie du dich entschieden hast. Scan mit Combofix
__________________ |
|
09.05.2013, 11:08
| #3 |
| /// TB-Ausbilder | ZeroAccess.hi Fehlende Rückmeldung
__________________Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ |
|
| Themen zu ZeroAccess.hi |
| bho, bluestacks, bonjour, converter, downloader, error, firefox, flash player, google, home, install.exe, launch, logfile, monitor.exe, mozilla, mp3, nvpciflt.sys, object, plug-in, realtek, registry, scan, security, siteadvisor, software, svchost.exe, teamspeak, trojaner, usb, windows |
Linear-Darstellung
