|
Log analysis and evaluation: Caught the Bundespolizei virus, PC loud ever since. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
02.06.2013, 17:05 | #1 |
| Caught the Bundespolizei virus, PC loud ever since Good day. Yesterday I caught the Bundespolizei virus. I then did a system restore in safe mode, ran Malwarebytes and removed the viruses that were already ticked. Since the infection the CPU fan has been far too loud the whole time, and when I, for example, open a website it gets even louder. But even when I am not doing anything on the PC, it gets a bit louder for a brief moment every few seconds and then a bit quieter again, then louder again, so constantly alternating. What should I do? I have had this virus before, and back then I had no more problems after running Malwarebytes. In Malwarebytes, for the viruses where no tick is set automatically for removal, am I actually allowed to simply tick those as well and remove them? I am a layman in this matter. Thanks in advance. Kind regards. Here is the log file from yesterday Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.26.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 christian :: CHRISTIAN-PC [Administrator] 01.06.2013 16:06:27 mbam-log-2013-06-01 (16-06-27).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371644 Laufzeit: 57 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Local\Temp\jpkoswu (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
02.06.2013, 17:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
02.06.2013, 17:34 | #3 |
| Caught the Bundespolizei virus, PC loud ever since Yes, I still have a few older logs with detections.
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.26.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 christian :: CHRISTIAN-PC [Administrator] 26.05.2013 14:19:20 mbam-log-2013-05-26 (14-19-20).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 367914 Laufzeit: 47 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.11.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 christian :: CHRISTIAN-PC [Administrator] 11.05.2013 20:08:15 mbam-log-2013-05-11 (20-08-15).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 355351 Laufzeit: 58 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Local\Temp\dabsihh (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.28.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 christian :: CHRISTIAN-PC [Administrator] 03.05.2013 17:09:34 mbam-log-2013-05-03 (17-09-34).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 352414 Laufzeit: 48 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Wotonoobzi (Trojan.Zbot.gen) -> Daten: C:\Users\christian\AppData\Roaming\Fore\dicek.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Roaming\Fore\dicek.exe (Trojan.Zbot.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.28.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 christian :: CHRISTIAN-PC [Administrator] 28.04.2013 10:20:02 mbam-log-2013-04-28 (10-20-02).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 343511 Laufzeit: 50 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Elivg (Trojan.FakeMS) -> Daten: C:\Users\christian\AppData\Roaming\Kyal\roci.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Putua (Trojan.FakeMS) -> Daten: C:\Users\christian\AppData\Roaming\Nogy\ceri.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 11 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Roaming\Kyal\roci.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\Nogy\ceri.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\00000004.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\000000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2afca8de-283ae498 (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\BAcroIEHelpe.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.24.08 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 christian :: CHRISTIAN-PC [Administrator] 25.10.2012 02:21:46 mbam-log-2012-10-25 (02-21-46).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 336067 Laufzeit: 49 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Downloader) -> Daten: C:\Users\christian\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\Downloads\etypesetup (1).exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. C:\Users\christian\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Roaming\appConf32.exe (Trojan.Downloader) -> Löschen bei Neustart. C:\Users\christian\AppData\Roaming\loaupdt.jpg (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.01.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 02.09.2012 03:34:41 mbam-log-2012-09-02 (03-34-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 290365 Laufzeit: 37 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 29.08.2012 02:39:54 mbam-log-2012-08-29 (02-39-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 316408 Laufzeit: 42 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files\TSearch (Adware.TSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 7 C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\christian\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Löschen bei Neustart. C:\Program Files\smartdl\vfd.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T09W9YGP\vfd-ob2[1].exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5bbddca1-260e243a (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TSearch\results (Adware.TSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
02.06.2013, 22:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: Should you not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will it continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board. First, a check with OTL please:
__________________ Please always post log files in CODE tags |
02.06.2013, 23:22 | #5 |
| Caught the Bundespolizei virus, PC loud ever since Here are the two log files Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 00:02:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,55% Memory free 5,87 Gb Paging File | 3,68 Gb Available in Paging File | 62,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,95 Gb Total Space | 39,69 Gb Free Space | 27,01% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active 
Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | "{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | "{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | "{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | "{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | "{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | "{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | "{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | "{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | "{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | "{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | "{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | 
"{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | "{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 
< End of report > Code:
ATTFilter OTL logfile created on: 03.06.2013 00:02:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,94 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,55% Memory free 5,87 Gb Paging File | 3,68 Gb Available in Paging File | 62,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,95 Gb Total Space | 39,69 Gb Free Space | 27,01% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Steam\Steam.exe (Valve Corporation) PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe 
(Microsoft Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () PRC - C:\Programme\Origin\Origin.exe (Electronic Arts) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation) PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfamcc00002.dll () MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfareca00002.dll () MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfamcc00001.dll () MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfareca00001.dll () MOD - C:\Programme\Steam\bin\chromehtml.dll () MOD - C:\Programme\Steam\SDL2.dll () MOD - C:\Programme\Steam\bin\libcef.dll () MOD - C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () MOD - c:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Programme\Origin\tufao.dll () MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Programme\Steam\bin\avcodec-53.dll () MOD - C:\Programme\Steam\bin\avformat-53.dll () MOD - C:\Programme\Steam\bin\avutil-51.dll () MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Programme\Sony\Sony PC Companion\Report.dll () MOD - C:\Programme\Sony\Sony PC 
Companion\VObject.dll () ========== Services (SafeList) ========== SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.) SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.) 
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe () SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) 
-- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.) DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.) DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) 
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_6&babsrc=HP_ss&mntrId=b0e1c846000000000000001a9236e0af IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
[2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

========== Chrome ==========
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga\10.15.2.523_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5a17eeea-ba72-11e2-97e7-001a9236e0af}\Shell - "" = AutoRun
O33 - MountPoints2\{5a17eeea-ba72-11e2-97e7-001a9236e0af}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{95e676f3-d8a2-11e1-937a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95e676f3-d8a2-11e1-937a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{d27ce2ea-3e36-11e2-873e-001a9236e0af}\Shell - "" = AutoRun
O33 - MountPoints2\{d27ce2ea-3e36-11e2-873e-001a9236e0af}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.06.02 14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2
[2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst
[2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst
[2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS)
[2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung
[2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2013.05.16 03:15:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:15:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:15:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:15:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:15:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:15:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:15:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA
[2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\LG Electronics
[2013.05.11 22:19:50 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.11 22:18:59 | 000,131,072 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGMobileDL.dll
[2013.05.11 22:18:57 | 000,172,032 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.05.11 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III
[2013.05.11 22:15:35 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2013.05.11 22:15:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2013.05.11 22:15:35 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2013.05.11 22:15:35 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2013.05.11 22:15:31 | 000,000,000 | -H-D | C] -- C:\Users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\LG Electronics
[2013.05.11 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013.05.11 19:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.05.11 19:18:22 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2013.05.11 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.05.11 18:09:10 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.05.11 18:09:10 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.05.11 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.11 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 3
[2013.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\ESN
[2013.05.11 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013.05.11 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.11 15:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.11 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.05.11 14:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013.05.11 12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.11 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Origin
[2013.05.11 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.11 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.05.04 20:54:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013.05.04 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\EA Games
[2013.05.04 20:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\christian\AppData\Roaming\*.tmp files -> C:\Users\christian\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 23:57:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
[2013.06.02 23:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 21:57:01 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
[2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 15:11:06 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 15:11:06 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 15:01:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 15:01:33 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 14:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.02 13:56:09 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 13:56:09 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 13:56:09 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 13:56:09 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.26 13:59:40 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.26 13:59:15 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.23 22:58:10 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2013.05.23 00:40:11 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:50:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 23:37:58 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.05.12 23:37:58 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.05.12 23:37:58 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.12 23:37:58 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.12 23:37:58 | 009,053,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.05.12 23:37:58 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.05.12 23:37:58 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.05.12 23:37:58 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.05.12 23:37:58 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 23:37:58 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.05.12 23:37:58 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.05.12 23:37:58 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.12 23:37:58 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.05.12 23:37:58 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.05.12 23:37:58 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.05.12 23:37:58 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.05.12 23:37:58 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.05.12 23:37:58 | 000,015,885 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013.05.12 21:58:09 | 004,188,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013.05.12 21:58:09 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013.05.12 21:58:06 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.05.12 21:58:06 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013.05.12 21:58:06 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:32:32 | 000,198,799 | ---- | M] () -- C:\Users\christian\Desktop\ich neu.jpg
[2013.05.11 22:30:19 | 000,165,600 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:11 | 000,193,480 | ---- | M] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | M] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:48 | 000,726,101 | ---- | M] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:27:18 | 000,172,032 | ---- | M] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:22:06 | 000,003,841 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:59 | 000,005,661 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:28 | 000,185,872 | ---- | M] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:23 | 000,184,205 | ---- | M] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:06 | 000,202,362 | ---- | M] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | M] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | M] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | M] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | M] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | M] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:57 | 000,004,866 | ---- | M] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | M] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | M] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:52:20 | 000,138,056 | ---- | M] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2013.05.11 16:46:54 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.09 06:32:35 | 003,165,737 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.04 21:14:00 | 000,000,712 | ---- | M] () -- C:\Users\christian\Desktop\Medal of Honor - Verknüpfung.lnk
[2013.05.04 14:11:29 | 000,840,264 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\christian\AppData\Roaming\*.tmp files -> C:\Users\christian\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld
2.7z [2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk [2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip [2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk [2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe [2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2013.05.11 22:30:56 | 000,198,799 | ---- | C] () -- C:\Users\christian\Desktop\ich neu.jpg [2013.05.11 22:30:19 | 000,165,600 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg [2013.05.11 22:30:10 | 000,193,480 | ---- | C] () -- C:\Users\christian\Documents\IMG060.jpg [2013.05.11 22:30:01 | 000,203,627 | ---- | C] () -- C:\Users\christian\Documents\IMG016.jpg [2013.05.11 22:29:46 | 000,726,101 | ---- | C] () -- C:\Users\christian\Documents\IMG062.jpg [2013.05.11 22:22:06 | 000,003,841 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_0.png [2013.05.11 22:22:01 | 000,004,251 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_4.png [2013.05.11 22:21:58 | 000,005,661 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_6.png [2013.05.11 22:21:39 | 000,022,008 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg [2013.05.11 22:21:36 | 000,023,097 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg [2013.05.11 22:21:27 | 000,185,872 | ---- | C] () -- C:\Users\christian\Documents\IMG017.jpg [2013.05.11 22:21:22 | 000,184,205 | ---- | C] () -- C:\Users\christian\Documents\IMG018.jpg [2013.05.11 22:21:05 | 000,202,362 | ---- | C] () -- C:\Users\christian\Documents\IMG298.jpg [2013.05.11 22:21:02 | 000,089,081 | ---- | C] () -- C:\Users\christian\Documents\Img340057.jpg [2013.05.11 22:20:55 | 000,180,606 | ---- | C] () -- 
C:\Users\christian\Documents\IMG065.jpg [2013.05.11 22:20:06 | 000,004,899 | ---- | C] () -- C:\Users\christian\Documents\image_0003.jpg [2013.05.11 22:20:03 | 000,005,741 | ---- | C] () -- C:\Users\christian\Documents\image_0009.jpg [2013.05.11 22:20:00 | 000,004,774 | ---- | C] () -- C:\Users\christian\Documents\image_0008.jpg [2013.05.11 22:19:56 | 000,004,866 | ---- | C] () -- C:\Users\christian\Documents\image_0006.jpg [2013.05.11 22:19:50 | 000,005,022 | ---- | C] () -- C:\Users\christian\Documents\image_0010.jpg [2013.05.11 22:15:46 | 000,001,212 | ---- | C] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk [2013.05.11 16:52:37 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.05.11 16:46:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.05.04 21:14:00 | 000,000,712 | ---- | C] () -- C:\Users\christian\Desktop\Medal of Honor - Verknüpfung.lnk [2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe [2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe [2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini [2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat [2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- 
C:\Users\christian\AppData\Roaming\blckdom.res [2012.08.29 01:48:39 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys [2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml [2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\christian\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\christian\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\christian\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk [2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk (C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器 ========== Alternate Data Streams ========== @Alternate Data Stream - 2216 bytes -> C:\Windows\System32\drivers\pzjjgnwk.sys:changelist @Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:24FECE50 < End of report > |
02.06.2013, 23:28 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since Quote:
Or is this, by any chance, an office/company PC or a university computer?
__________________ --> Caught the Bundespolizei virus, PC loud ever since |
02.06.2013, 23:41 | #7 |
| Caught the Bundespolizei virus, PC loud ever since No, none of those. I was given this Windows as a gift. |
02.06.2013, 23:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
03.06.2013, 00:22 | #9 |
| Caught the Bundespolizei virus, PC loud ever since OK, done. Code:
ATTFilter ComboFix 13-06-02.02 - christian 03.06.2013 1:00.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3006.1698 [GMT 2:00] ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\kikin c:\program files\kikin\default_settings.xml c:\program files\kikin\file_list.txt c:\program files\kikin\ie_kikin.dll c:\program files\kikin\kikin.ico c:\program files\kikin\kikin_updater_2.0.0.11.exe c:\program files\kikin\KikinBroker.exe c:\program files\kikin\KikinCrashReporter.exe c:\program files\kikin\uninst.exe c:\program files\smartdl c:\program files\smartdl\cc c:\program files\smartdl\gunzip.exe c:\program files\smartdl\installid c:\program files\smartdl\status-o c:\program files\smartdl\status c:\program files\smartdl\TorrentSearch.exe c:\programdata\ism_0_llatsni.pad c:\users\christian\AppData\Local\lame_enc.dll c:\users\christian\AppData\Local\no23xwrapper.dll c:\users\christian\AppData\Local\ogg.dll c:\users\christian\AppData\Local\vorbis.dll c:\users\christian\AppData\Local\vorbisenc.dll c:\users\christian\AppData\Local\vorbisfile.dll c:\users\christian\AppData\Roaming\AcroIEHelpe.txt c:\users\christian\AppData\Roaming\kikin c:\users\christian\AppData\Roaming\kikin\ff_kkes.xml c:\users\christian\AppData\Roaming\kikin\ie_configuration.xml c:\users\christian\AppData\Roaming\kikin\ie_kkes.xml c:\users\christian\AppData\Roaming\kikin\ie_settings.xml c:\users\christian\AppData\Roaming\srvblck5.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-02 bis 2013-06-02 )))))))))))))))))))))))))))))) . . 2013-06-02 13:22 . 
2013-06-02 13:34 -------- d-----w- c:\program files\SpeedFan 2013-06-02 13:16 . 2013-06-02 13:16 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F99287C-B8F3-4BD0-BB7A-65EAC7464E62}\offreg.dll 2013-06-02 13:15 . 2013-06-02 13:15 -------- d-----w- c:\program files\Lavalys 2013-06-02 12:06 . 2013-06-02 12:06 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-06-02 11:58 . 2013-06-02 11:58 -------- d-----w- c:\program files\HitmanPro 2013-06-02 11:57 . 2013-06-02 12:07 -------- d-----w- c:\programdata\HitmanPro 2013-06-01 21:03 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-01 21:03 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-06-01 21:03 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-06-01 21:03 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-01 21:03 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-06-01 21:03 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-01 21:03 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-06-01 21:03 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-06-01 21:03 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-06-01 21:03 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-06-01 21:02 . 2013-06-01 21:02 -------- d-----w- c:\program files\AVAST Software 2013-06-01 21:02 . 2013-06-01 21:02 -------- d-----w- c:\programdata\AVAST Software 2013-06-01 16:39 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F99287C-B8F3-4BD0-BB7A-65EAC7464E62}\mpengine.dll 2013-05-30 12:02 . 2013-05-30 12:02 -------- d-----w- c:\program files\Common Files\InstallShield 2013-05-25 17:20 . 2013-05-25 17:20 -------- d-----w- c:\program files\Dream Chronicles 2 - The Eternal Maze 2013-05-25 17:18 . 
2013-05-25 17:18 -------- d-----w- c:\program files\bfgclient 2013-05-22 19:56 . 2013-05-25 17:23 -------- d-----w- c:\programdata\PlayFirst 2013-05-22 19:56 . 2013-05-25 17:23 -------- d-----w- c:\users\christian\AppData\Roaming\PlayFirst 2013-05-22 19:55 . 2013-05-22 19:55 -------- d-----w- c:\program files\PlayFirst 2013-05-22 18:29 . 2013-05-22 18:32 -------- d-----w- c:\users\christian\AppData\Roaming\ScummVM 2013-05-22 18:29 . 2013-05-22 18:29 -------- d-----w- c:\program files\ScummVM 2013-05-22 14:23 . 2009-11-19 00:33 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll 2013-05-22 14:23 . 2009-11-19 00:33 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx 2013-05-22 14:23 . 2013-05-22 14:23 -------- d-----w- c:\program files\OGPlanet 2013-05-15 18:25 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 18:25 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 18:25 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 18:25 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 18:25 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 18:25 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-15 18:25 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-15 18:25 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 04:53 . 2013-06-01 16:31 -------- d-----w- c:\users\christian\AppData\Local\NVIDIA 2013-05-14 22:31 . 2013-01-29 08:35 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll 2013-05-14 22:29 . 2012-10-02 22:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2013-05-14 22:29 . 2012-10-02 22:20 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2013-05-14 22:28 . 2013-05-12 21:37 13403168 ----a-w- c:\windows\system32\nvwgf2um.dll 2013-05-14 22:28 . 2013-05-12 21:37 925648 ----a-w- c:\windows\system32\nvumdshim.dll 2013-05-14 22:28 . 
2013-05-12 21:37 12426216 ----a-w- c:\windows\system32\nvd3dum.dll 2013-05-14 22:28 . 2013-05-12 21:37 2597344 ----a-w- c:\windows\system32\nvapi.dll 2013-05-14 22:10 . 2013-05-09 04:32 3165737 ----a-w- c:\windows\system32\nvcoproc.bin 2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\system32\nvStreaming.exe 2013-05-11 20:19 . 2013-06-02 12:30 -------- d-----w- C:\Temp 2013-05-11 20:17 . 2013-05-11 20:17 -------- d-----w- c:\program files\MSXML 4.0 2013-05-11 20:15 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll 2013-05-11 20:15 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx 2013-05-11 20:15 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx 2013-05-11 20:15 . 2009-05-22 11:26 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx 2013-05-11 20:15 . 2013-05-11 20:15 -------- d--h--w- c:\users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} 2013-05-11 20:15 . 2013-05-11 20:15 -------- d-----w- c:\users\christian\AppData\Roaming\LG Electronics 2013-05-11 20:12 . 2013-05-11 20:26 -------- d-----w- c:\program files\LG Electronics 2013-05-11 20:06 . 2009-08-27 23:39 851456 ----a-r- c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.6_All.msi 2013-05-11 20:06 . 2009-08-25 02:46 24576 ----a-r- c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\SendScsiCmd.dll 2013-05-11 20:06 . 2009-05-12 06:46 212992 ----a-r- c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe 2013-05-11 20:06 . 2008-12-17 02:14 32768 ----a-r- c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\LGPsLvDlChk.dll 2013-05-11 17:18 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll 2013-05-11 17:18 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll 2013-05-11 16:13 . 2013-05-11 16:13 -------- d-----w- c:\program files\AGEIA Technologies 2013-05-11 16:09 . 
2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll 2013-05-11 16:09 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll 2013-05-11 13:33 . 2013-05-11 13:33 -------- d-----w- c:\users\christian\AppData\Local\ESN 2013-05-11 13:33 . 2013-05-14 22:39 -------- d-----w- c:\program files\Battlelog Web Plugins 2013-05-11 13:30 . 2013-05-11 13:30 -------- d-----w- c:\programdata\EA Core 2013-05-11 13:29 . 2013-05-11 15:06 -------- d-----w- c:\programdata\EA Logs 2013-05-11 12:02 . 2013-05-11 12:02 -------- d--h--w- c:\program files\Common Files\EAInstaller 2013-05-11 10:59 . 2013-05-11 11:04 -------- d-----w- c:\program files\Origin Games 2013-05-11 10:59 . 2013-05-11 13:29 -------- d-----w- c:\users\christian\AppData\Local\Origin 2013-05-11 10:57 . 2013-05-11 14:48 -------- d-----w- c:\users\christian\AppData\Roaming\Origin 2013-05-11 10:57 . 2013-05-11 13:30 -------- d-----w- c:\programdata\Electronic Arts 2013-05-11 10:57 . 2013-05-11 11:04 -------- d-----w- c:\programdata\Origin 2013-05-11 10:57 . 2013-05-11 14:47 -------- d-----w- c:\program files\Origin 2013-05-04 18:54 . 2013-05-04 18:54 -------- d-sh--w- c:\programdata\DSS 2013-05-04 18:48 . 2010-09-17 04:03 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe 2013-05-04 18:29 . 2013-05-04 18:29 -------- d-----w- c:\program files\Electronic Arts 2013-05-04 12:13 . 2013-05-26 11:59 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-05-04 12:12 . 2013-05-26 11:59 282104 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-05-04 12:12 . 2013-05-04 12:11 840264 ----a-w- c:\windows\system32\pbsvc.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-26 11:59 . 2012-08-04 00:32 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr 2013-05-22 22:40 . 2012-08-03 23:17 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0 2013-05-14 22:50 . 
2012-07-28 14:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-14 22:50 . 2012-07-28 14:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-12 19:58 . 2012-07-29 11:43 3045664 ----a-w- c:\windows\system32\nvsvc.dll 2013-05-12 19:58 . 2012-07-29 11:43 4188960 ----a-w- c:\windows\system32\nvcpl.dll 2013-05-12 19:58 . 2012-07-29 11:43 640288 ----a-w- c:\windows\system32\nvvsvc.exe 2013-05-12 19:58 . 2012-11-19 02:06 62752 ----a-w- c:\windows\system32\nvshext.dll 2013-05-12 19:58 . 2012-07-29 11:43 2555168 ----a-w- c:\windows\system32\nvsvcr.dll 2013-05-12 19:58 . 2012-07-29 11:43 223008 ----a-w- c:\windows\system32\nvmctray.dll 2013-05-11 20:56 . 2013-05-03 21:47 76888 ----a-w- c:\windows\system32\PnkBstrA.exe 2013-05-11 14:52 . 2012-08-03 23:17 138056 ----a-w- c:\users\christian\AppData\Roaming\PnkBstrK.sys 2013-05-02 00:06 . 2012-07-28 13:48 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-15 18:25 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 18:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-23 20:41 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-05 22:25 . 2012-07-28 14:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2013-04-05 22:25 . 2012-07-28 14:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2013-04-04 12:50 . 2012-08-29 00:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 01:06 . 2013-04-02 01:06 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-02 01:06 . 2013-04-02 01:06 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-02 01:06 . 2013-04-02 01:06 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-02 01:06 . 2013-04-02 01:06 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-02 01:06 . 2013-04-02 01:06 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-02 01:06 . 2013-04-02 01:06 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-02 01:06 . 
2013-04-02 01:06 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-02 01:06 . 2013-04-02 01:06 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-02 01:06 . 2013-04-02 01:06 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-02 01:06 . 2013-04-02 01:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-02 01:06 . 2013-04-02 01:06 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-02 01:06 . 2013-04-02 01:06 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-02 01:06 . 2013-04-02 01:06 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-02 01:06 . 2013-04-02 01:06 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-02 01:06 . 2013-04-02 01:06 361984 ----a-w- c:\windows\system32\html.iec 2013-04-02 01:06 . 2013-04-02 01:06 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-02 01:06 . 2013-04-02 01:06 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-02 01:05 . 2013-04-02 01:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 906240 ----a-w- c:\windows\system32\FntCache.dll 2013-04-02 01:05 . 2013-04-02 01:05 604160 ----a-w- c:\windows\system32\d3d10level9.dll 2013-04-02 01:05 . 2013-04-02 01:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-02 01:05 . 2013-04-02 01:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-02 01:05 . 2013-04-02 01:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 3419136 ----a-w- c:\windows\system32\d2d1.dll 2013-04-02 01:05 . 
2013-04-02 01:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 293376 ----a-w- c:\windows\system32\dxgi.dll 2013-04-02 01:05 . 2013-04-02 01:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-02 01:05 . 2013-04-02 01:05 249856 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-02 01:05 . 2013-04-02 01:05 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-04-02 01:05 . 2013-04-02 01:05 220160 ----a-w- c:\windows\system32\d3d10core.dll 2013-04-02 01:05 . 2013-04-02 01:05 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-02 01:05 . 2013-04-02 01:05 1988096 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-02 01:05 . 2013-04-02 01:05 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-02 01:05 . 2013-04-02 01:05 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-02 01:05 . 2013-04-02 01:05 1504768 ----a-w- c:\windows\system32\d3d11.dll 2013-04-02 01:05 . 2013-04-02 01:05 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-04-02 01:05 . 2013-04-02 01:05 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-02 01:05 . 2013-04-02 01:05 1158144 ----a-w- c:\windows\system32\XpsPrint.dll 2013-04-02 01:05 . 2013-04-02 01:05 1080832 ----a-w- c:\windows\system32\d3d10.dll 2013-04-02 01:05 . 2013-04-02 01:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-20 02:09 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2013-03-19 05:04 . 2013-04-10 12:56 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:56 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 12:56 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 12:56 69632 ----a-w- c:\windows\system32\smss.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}] 2011-12-28 12:21 128064 ----a-w- c:\program files\icq\Internet Explorer\icq.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79}] 2011-05-09 09:49 176936 ----a-w- c:\program files\Ashampoo_DE\prxtbAsha.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752] "ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-08-11 127040] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE" [2012-02-29 249440] "EADM"="c:\program files\Origin\Origin.exe" [2013-03-21 3497552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{16CDF~1\browsemngr.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKLM\~\startupfolder\C:^Users^christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . 
R2 ICQ Service;ICQ Service;c:\progra~1\ICQ6TO~1\ICQSER~1.EXE [x] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [x] S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x] S2 HssWd;Hotspot 
Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x] S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - EVERESTDRIVER *NewlyCreated* - GIVEIO *NewlyCreated* - SPEEDFAN *Deregistered* - avgtp . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 22:50] . 2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job - c:\users\christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 21:30] . 2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job - c:\users\christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 21:30] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll WebBrowser-{213C8ED6-1D78-4D8F-8729-25006AA86A76} - (no file) MSConfigStartUp-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe MSConfigStartUp-Media Finder - c:\program files\Media Finder\Media Finder.exe AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-03 01:12:17 ComboFix-quarantined-files.txt 2013-06-02 23:12 . Vor Suchlauf: 10 Verzeichnis(se), 43.793.010.688 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 43.628.687.360 Bytes frei . - - End Of File - - 2DE2269CCBC52D388DE0A3CB3931E9F7 |
03.06.2013, 09:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since Rootkit scan with GMER Please download GMER: (random file name)
Running into problems?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
03.06.2013, 13:00 | #11 |
| Caught the Bundespolizei virus, PC loud ever since GMER log file Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-03 13:25:36 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD1600JS-00NCB1 rev.10.02E02 149,05GB Running: 6jc3pzdk.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0x90A7F644] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0x91828668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAssignProcessToJobObject [0x90A800D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0x90A8B89A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0x90A8B8E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0x90A8BA80] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0x90A8B808] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateSection [0x91828A00] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0x90A8B850] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateThread [0x90A805D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateThreadEx [0x90A807F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0x90A8BA3A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDebugActiveProcess [0x90A80E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0x90A7F6AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDuplicateObject [0x90A846AC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0x91828730] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwLoadDriver [0x91826C80] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0x90A7F710] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0x90A84A76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0x90A8191C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0x90A8B8C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0x90A8B908] SSDT 
\SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0x90A8BAA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenMutant [0x90A8B82E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenProcess [0x90A83F92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0x90A8B9B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0x90A8B878] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenThread [0x90A84384] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0x90A8BA5E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0x91828890] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0x90A817E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueueApcThreadEx [0x90A814F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0x90A7F776] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0x90A7F7DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetContextThread [0x90A80D06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0x90A7F32C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0x90A7F502] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0x90A7F490] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSuspendProcess [0x90A81056] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSuspendThread [0x90A811B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSystemDebugControl [0x90A7F58A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwTerminateProcess [0x91828958] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwTerminateThread [0x90A80CE6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwUnloadDriver [0x91826CB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0x90A7F842] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwWriteVirtualMemory [0x918287DC] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C8BA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC51F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, 
...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CCC220 4 Bytes [44, F6, A7, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CCC248 4 Bytes [68, 86, 82, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCC2A8 4 Bytes [D6, 00, A8, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CCC2FC 8 Bytes [9A, B8, A8, 90, E6, B8, A8, ...] {CALL FAR 0xa8b8:0xe690a8b8; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CCC308 4 Bytes [80, BA, A8, 90] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E874DF 4 Bytes CALL 90A81FDF \SystemRoot\System32\Drivers\aswSnx.SYS PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EA1333 4 Bytes CALL 90A81FF5 \SystemRoot\System32\Drivers\aswSnx.SYS ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[336] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[444] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text ... 
.text C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2868] USER32.dll!DialogBoxParamW 75AA3B9B 5 Bytes JMP 6BA64720 C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2976] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3032] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3120] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3316] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text ... .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!RegisterMessagePumpHook + 2F1 75A88B9E 7 Bytes JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!PostMessageW + 43A 75A948B5 7 Bytes JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!SetDlgItemTextA + 25 75AA709F 7 Bytes JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxIndirectA + F5 75ADE95E 7 Bytes JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxIndirectW + 61 75ADE9C4 7 Bytes JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxExA + 1F 75ADE9E8 7 Bytes JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text 
C:\Windows\system32\SearchProtocolHost.exe[4472] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[5588] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\SearchFilterHost.exe[5708] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[5772] kernel32.dll!GetBinaryTypeW + 70 76E769F4 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.03.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 christian :: CHRISTIAN-PC [administrator] 03.06.2013 13:34:15 mbar-log-2013-06-03 (13-34-15).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 234904 Time elapsed: 10 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\SOFTWARE\CLASSES\linkd.AIEbho (Trojan.Banker) -> Delete on reboot. HKCU\SOFTWARE\CLASSES\linkd.AIEbho.1 (Trojan.Banker) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.03.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 christian :: CHRISTIAN-PC [administrator] 03.06.2013 13:46:30 mbar-log-2013-06-03 (13-46-30).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 235052 Time elapsed: 9 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
03.06.2013, 14:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
03.06.2013, 16:48 | #13 |
| Caught the Bundespolizei virus, PC loud ever since aswMBR log Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-06-03 17:17:40 ----------------------------- 17:17:40.128 OS Version: Windows 6.1.7601 Service Pack 1 17:17:40.128 Number of processors: 2 586 0xF02 17:17:40.143 ComputerName: CHRISTIAN-PC UserName: christian 17:17:40.955 Initialize success 17:17:41.033 AVAST engine defs: 13060301 17:17:44.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 17:17:44.355 Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152627MB BusType: 3 17:17:44.496 Disk 0 MBR read successfully 17:17:44.496 Disk 0 MBR scan 17:17:44.496 Disk 0 Windows 7 default MBR code 17:17:44.511 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:17:44.527 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150480 MB offset 206848 17:17:44.527 Disk 0 Partition - 00 05 Extended 2045 MB offset 308391934 17:17:44.558 Disk 0 Partition 3 00 82 Linux swap 2045 MB offset 308391936 17:17:44.558 Disk 0 scanning sectors +312580096 17:17:44.636 Disk 0 scanning C:\Windows\system32\drivers 17:18:03.216 Service scanning 17:18:24.666 Modules scanning 17:18:35.524 Disk 0 trace - called modules: 17:18:35.539 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys 17:18:35.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653c030] 17:18:35.555 3 CLASSPNP.SYS[8b5af59e] -> nt!IofCallDriver -> [0x8641f918] 17:18:35.570 5 ACPI.sys[8b09e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x86454908] 17:18:35.992 AVAST engine scan C:\Windows 17:18:41.155 AVAST engine scan C:\Windows\system32 17:21:47.513 AVAST engine scan C:\Windows\system32\drivers 17:21:58.449 AVAST engine scan C:\Users\christian 17:31:01.127 File: C:\Users\christian\Downloads\Satrackz & ScReamOut - Ich werde Dich nie vergessen ft. 
Sestah & Maike - [Mp3Bear.com].exe **INFECTED** Win32:Downloader-TBH [Adw] 17:31:23.872 AVAST engine scan C:\ProgramData 17:32:09.798 Scan finished successfully 17:32:58.923 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat" 17:32:58.923 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt" TDSS-Killer Log Code:
ATTFilter 17:36:16.0600 5692 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:36:16.0849 5692 ============================================================ 17:36:16.0849 5692 Current date / time: 2013/06/03 17:36:16.0849 17:36:16.0849 5692 SystemInfo: 17:36:16.0849 5692 17:36:16.0849 5692 OS Version: 6.1.7601 ServicePack: 1.0 17:36:16.0849 5692 Product type: Workstation 17:36:16.0849 5692 ComputerName: CHRISTIAN-PC 17:36:16.0849 5692 UserName: christian 17:36:16.0849 5692 Windows directory: C:\Windows 17:36:16.0849 5692 System windows directory: C:\Windows 17:36:16.0849 5692 Processor architecture: Intel x86 17:36:16.0849 5692 Number of processors: 2 17:36:16.0849 5692 Page size: 0x1000 17:36:16.0849 5692 Boot type: Normal boot 17:36:16.0849 5692 ============================================================ 17:36:17.0910 5692 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 17:36:17.0910 5692 ============================================================ 17:36:17.0910 5692 \Device\Harddisk0\DR0: 17:36:17.0910 5692 MBR partitions: 17:36:17.0910 5692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:36:17.0910 5692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x125E8000 17:36:17.0941 5692 ============================================================ 17:36:18.0097 5692 C: <-> \Device\Harddisk0\DR0\Partition2 17:36:18.0097 5692 ============================================================ 17:36:18.0097 5692 Initialize success 17:36:18.0097 5692 ============================================================ 17:37:31.0952 3276 ============================================================ 17:37:31.0952 3276 Scan started 17:37:31.0952 3276 Mode: Manual; SigCheck; TDLFS; 17:37:31.0952 3276 ============================================================ 17:37:32.0685 3276 
================ Scan system memory ======================== 17:37:32.0685 3276 System memory - ok 17:37:32.0685 3276 ================ Scan services ============================= 17:37:32.0919 3276 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:37:33.0059 3276 1394ohci - ok 17:37:33.0153 3276 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 17:37:33.0215 3276 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 17:37:33.0262 3276 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:37:33.0293 3276 ACPI - ok 17:37:33.0325 3276 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:37:33.0371 3276 AcpiPmi - ok 17:37:33.0449 3276 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 17:37:33.0481 3276 AdobeARMservice - ok 17:37:33.0527 3276 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:37:33.0559 3276 AdobeFlashPlayerUpdateSvc - ok 17:37:33.0605 3276 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:37:33.0637 3276 adp94xx - ok 17:37:33.0668 3276 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:37:33.0683 3276 adpahci - ok 17:37:33.0699 3276 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:37:33.0715 3276 adpu320 - ok 17:37:33.0746 3276 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:37:33.0808 3276 AeLookupSvc - ok 17:37:33.0855 3276 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 17:37:33.0917 3276 AFD - ok 17:37:33.0980 3276 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 17:37:34.0011 3276 agp440 - ok 
17:37:34.0027 3276 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 17:37:34.0042 3276 aic78xx - ok 17:37:34.0058 3276 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 17:37:34.0136 3276 ALG - ok 17:37:34.0167 3276 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 17:37:34.0183 3276 aliide - ok 17:37:34.0198 3276 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:37:34.0214 3276 amdagp - ok 17:37:34.0229 3276 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 17:37:34.0229 3276 amdide - ok 17:37:34.0261 3276 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:37:34.0307 3276 AmdK8 - ok 17:37:34.0339 3276 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:37:34.0385 3276 AmdPPM - ok 17:37:34.0448 3276 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:37:34.0463 3276 amdsata - ok 17:37:34.0495 3276 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:37:34.0510 3276 amdsbs - ok 17:37:34.0526 3276 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:37:34.0541 3276 amdxata - ok 17:37:34.0588 3276 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 17:37:34.0775 3276 AppID - ok 17:37:34.0838 3276 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:37:34.0900 3276 AppIDSvc - ok 17:37:34.0947 3276 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 17:37:35.0009 3276 Appinfo - ok 17:37:35.0025 3276 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 17:37:35.0087 3276 AppMgmt - ok 17:37:35.0119 3276 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 17:37:35.0134 3276 arc - ok 17:37:35.0150 3276 [ 
5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:37:35.0165 3276 arcsas - ok 17:37:35.0275 3276 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:37:35.0306 3276 aspnet_state - ok 17:37:35.0353 3276 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 17:37:35.0384 3276 aswFsBlk - ok 17:37:35.0431 3276 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 17:37:35.0446 3276 aswMonFlt - ok 17:37:35.0462 3276 [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 17:37:35.0477 3276 aswRdr - ok 17:37:35.0540 3276 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 17:37:35.0555 3276 aswRvrt - ok 17:37:35.0587 3276 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 17:37:35.0649 3276 aswSnx - ok 17:37:35.0680 3276 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\Windows\system32\drivers\aswSP.sys 17:37:35.0696 3276 aswSP - ok 17:37:35.0727 3276 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 17:37:35.0743 3276 aswTdi - ok 17:37:35.0805 3276 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 17:37:35.0821 3276 aswVmm - ok 17:37:35.0836 3276 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:37:35.0883 3276 AsyncMac - ok 17:37:35.0930 3276 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 17:37:35.0945 3276 atapi - ok 17:37:35.0992 3276 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:37:36.0070 3276 AudioEndpointBuilder - ok 17:37:36.0101 3276 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:37:36.0133 3276 Audiosrv - ok 17:37:36.0211 3276 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! 
Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 17:37:36.0226 3276 avast! Antivirus - ok 17:37:36.0273 3276 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:37:36.0367 3276 AxInstSV - ok 17:37:36.0398 3276 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 17:37:36.0476 3276 b06bdrv - ok 17:37:36.0507 3276 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 17:37:36.0538 3276 b57nd60x - ok 17:37:36.0585 3276 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 17:37:36.0632 3276 BDESVC - ok 17:37:36.0647 3276 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 17:37:36.0694 3276 Beep - ok 17:37:36.0757 3276 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 17:37:36.0803 3276 BFE - ok 17:37:36.0866 3276 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll 17:37:36.0928 3276 BITS - ok 17:37:36.0944 3276 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:37:36.0991 3276 blbdrive - ok 17:37:37.0037 3276 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:37:37.0100 3276 bowser - ok 17:37:37.0115 3276 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:37:37.0178 3276 BrFiltLo - ok 17:37:37.0193 3276 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:37:37.0225 3276 BrFiltUp - ok 17:37:37.0240 3276 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:37:37.0287 3276 BridgeMP - ok 17:37:37.0334 3276 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 17:37:37.0381 3276 Browser - ok 17:37:37.0552 3276 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] Browser Manager C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe 17:37:37.0677 3276 
Browser Manager - ok 17:37:37.0708 3276 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:37:37.0771 3276 Brserid - ok 17:37:37.0786 3276 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:37:37.0817 3276 BrSerWdm - ok 17:37:37.0849 3276 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:37:37.0880 3276 BrUsbMdm - ok 17:37:37.0895 3276 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:37:37.0942 3276 BrUsbSer - ok 17:37:37.0942 3276 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:37:37.0973 3276 BTHMODEM - ok 17:37:38.0020 3276 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 17:37:38.0067 3276 bthserv - ok 17:37:38.0098 3276 [ 088C0978203D59425A12B2A53FCCD02B ] camfilt2 C:\Windows\system32\DRIVERS\camfilt2.sys 17:37:38.0129 3276 camfilt2 - ok 17:37:38.0239 3276 catchme - ok 17:37:38.0270 3276 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:37:38.0317 3276 cdfs - ok 17:37:38.0379 3276 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:37:38.0410 3276 cdrom - ok 17:37:38.0457 3276 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 17:37:38.0504 3276 CertPropSvc - ok 17:37:38.0535 3276 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:37:38.0551 3276 circlass - ok 17:37:38.0597 3276 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 17:37:38.0613 3276 CLFS - ok 17:37:38.0675 3276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:37:38.0691 3276 clr_optimization_v2.0.50727_32 - ok 17:37:38.0753 3276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:37:38.0785 3276 clr_optimization_v4.0.30319_32 - ok 17:37:38.0800 3276 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:37:38.0816 3276 CmBatt - ok 17:37:38.0847 3276 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:37:38.0863 3276 cmdide - ok 17:37:38.0894 3276 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 17:37:38.0925 3276 CNG - ok 17:37:38.0956 3276 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:37:38.0972 3276 Compbatt - ok 17:37:39.0003 3276 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:37:39.0050 3276 CompositeBus - ok 17:37:39.0065 3276 COMSysApp - ok 17:37:39.0097 3276 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:37:39.0112 3276 crcdisk - ok 17:37:39.0159 3276 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:37:39.0206 3276 CryptSvc - ok 17:37:39.0253 3276 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 17:37:39.0315 3276 CSC - ok 17:37:39.0362 3276 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 17:37:39.0409 3276 CscService - ok 17:37:39.0440 3276 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 17:37:39.0502 3276 DcomLaunch - ok 17:37:39.0549 3276 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 17:37:39.0596 3276 defragsvc - ok 17:37:39.0627 3276 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:37:39.0674 3276 DfsC - ok 17:37:39.0736 3276 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:37:39.0799 3276 Dhcp - ok 17:37:39.0814 3276 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 17:37:39.0877 3276 
C:\Windows\system32\DRIVERS\vgapnp.sys 17:38:03.0932 3276 vga - ok 17:38:03.0947 3276 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:38:03.0979 3276 VgaSave - ok 17:38:03.0994 3276 VGPU - ok 17:38:04.0041 3276 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:38:04.0057 3276 vhdmp - ok 17:38:04.0119 3276 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:38:04.0135 3276 viaagp - ok 17:38:04.0150 3276 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 17:38:04.0181 3276 ViaC7 - ok 17:38:04.0213 3276 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 17:38:04.0228 3276 viaide - ok 17:38:04.0275 3276 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 17:38:04.0291 3276 vmbus - ok 17:38:04.0322 3276 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 17:38:04.0353 3276 VMBusHID - ok 17:38:04.0384 3276 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:38:04.0400 3276 volmgr - ok 17:38:04.0431 3276 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:38:04.0478 3276 volmgrx - ok 17:38:04.0493 3276 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:38:04.0525 3276 volsnap - ok 17:38:04.0556 3276 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:38:04.0571 3276 vsmraid - ok 17:38:04.0634 3276 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 17:38:04.0759 3276 VSS - ok 17:38:04.0774 3276 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:38:04.0805 3276 vwifibus - ok 17:38:04.0852 3276 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 17:38:04.0899 3276 W32Time - ok 17:38:04.0915 3276 [ 
DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:38:04.0946 3276 WacomPen - ok 17:38:05.0008 3276 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:38:05.0039 3276 WANARP - ok 17:38:05.0039 3276 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:38:05.0071 3276 Wanarpv6 - ok 17:38:05.0117 3276 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 17:38:05.0242 3276 wbengine - ok 17:38:05.0273 3276 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:38:05.0305 3276 WbioSrvc - ok 17:38:05.0351 3276 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 17:38:05.0383 3276 WcesComm - ok 17:38:05.0429 3276 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:38:05.0476 3276 wcncsvc - ok 17:38:05.0507 3276 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:38:05.0554 3276 WcsPlugInService - ok 17:38:05.0585 3276 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:38:05.0601 3276 Wd - ok 17:38:05.0648 3276 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:38:05.0695 3276 Wdf01000 - ok 17:38:05.0710 3276 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:38:05.0804 3276 WdiServiceHost - ok 17:38:05.0804 3276 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:38:05.0835 3276 WdiSystemHost - ok 17:38:05.0882 3276 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 17:38:05.0944 3276 WebClient - ok 17:38:05.0975 3276 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:38:06.0022 3276 Wecsvc - ok 17:38:06.0038 3276 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:38:06.0085 3276 
wercplsupport - ok 17:38:06.0131 3276 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 17:38:06.0194 3276 WerSvc - ok 17:38:06.0225 3276 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:38:06.0256 3276 WfpLwf - ok 17:38:06.0272 3276 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:38:06.0287 3276 WIMMount - ok 17:38:06.0350 3276 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:38:06.0428 3276 WinDefend - ok 17:38:06.0459 3276 WinHttpAutoProxySvc - ok 17:38:06.0521 3276 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:38:06.0584 3276 Winmgmt - ok 17:38:06.0631 3276 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 17:38:06.0724 3276 WinRM - ok 17:38:06.0787 3276 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:38:06.0818 3276 WinUsb - ok 17:38:06.0865 3276 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:38:06.0927 3276 Wlansvc - ok 17:38:06.0958 3276 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:38:06.0974 3276 WmiAcpi - ok 17:38:07.0005 3276 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:38:07.0036 3276 wmiApSrv - ok 17:38:07.0099 3276 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:38:07.0192 3276 WMPNetworkSvc - ok 17:38:07.0208 3276 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:38:07.0239 3276 WPCSvc - ok 17:38:07.0286 3276 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:38:07.0348 3276 WPDBusEnum - ok 17:38:07.0379 3276 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:38:07.0426 3276 ws2ifsl - ok 17:38:07.0442 3276 [ 
6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 17:38:07.0489 3276 wscsvc - ok 17:38:07.0489 3276 WSearch - ok 17:38:07.0582 3276 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:38:07.0676 3276 wuauserv - ok 17:38:07.0723 3276 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:38:07.0754 3276 WudfPf - ok 17:38:07.0785 3276 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:38:07.0816 3276 WUDFRd - ok 17:38:07.0863 3276 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:38:07.0894 3276 wudfsvc - ok 17:38:07.0925 3276 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 17:38:08.0003 3276 WwanSvc - ok 17:38:08.0019 3276 ================ Scan global =============================== 17:38:08.0066 3276 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 17:38:08.0097 3276 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 17:38:08.0113 3276 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 17:38:08.0144 3276 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 17:38:08.0175 3276 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 17:38:08.0191 3276 [Global] - ok 17:38:08.0191 3276 ================ Scan MBR ================================== 17:38:08.0206 3276 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:38:08.0768 3276 \Device\Harddisk0\DR0 - ok 17:38:08.0783 3276 ================ Scan VBR ================================== 17:38:08.0799 3276 [ 08D1EE321F6A2450045AE062141A93CA ] \Device\Harddisk0\DR0\Partition1 17:38:08.0815 3276 \Device\Harddisk0\DR0\Partition1 - ok 17:38:08.0830 3276 [ 5E3732987A4B7222767FA86BADD01A9A ] \Device\Harddisk0\DR0\Partition2 17:38:08.0830 3276 \Device\Harddisk0\DR0\Partition2 - ok 17:38:08.0830 3276 ============================================================ 
17:38:08.0830 3276 Scan finished
17:38:08.0830 3276 ============================================================
17:38:08.0846 3316 Detected object count: 2
17:38:08.0846 3316 Actual detected object count: 2
17:38:26.0661 3316 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:26.0661 3316 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:38:26.0661 3316 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:26.0661 3316 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip |
04.06.2013, 09:53 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei virus, PC loud ever since
JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
04.06.2013, 18:31 | #15 |
| Caught the Bundespolizei virus, PC loud ever since
JRT Log Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by christian on 04.06.2013 at 18:57:32,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [Service] browser manager
Successfully deleted: [Service] browser manager
Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2481020
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3242337
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4883FECA-776F-48EA-8B37-C7AA854B1FF0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

~~~ Files
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\application data\big fish games"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\christian\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\claro ltd"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\openapp"
Successfully deleted: [Folder] "C:\Users\christian\start menu\programs\browser manager"

~~~ Chrome
Successfully deleted: [Folder] C:\Users\christian\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2013 at 19:00:13,57
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner Log Code:
# AdwCleaner v2.301 - Datei am 04/06/2013 um 19:05:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\christian\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Ordner Gelöscht : C:\Program Files\Ashampoo_DE
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Ordner Gelöscht : C:\Users\christian\AppData\LocalLow\Ashampoo_DE
Ordner Gelöscht : C:\Users\christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\968bd8e734e847
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Ashampoo_DE
Schlüssel Gelöscht : HKCU\Software\Ashampoo_DE
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\968bd8e734e847
Schlüssel Gelöscht : HKLM\Software\Ashampoo_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F125CB3-FC30-464A-8E6D-DF8CDD5A0CE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6749EC72-652A-47BF-ADA3-F3EC3F5CB4CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\318a8d31f733a9c304803092e88a63cd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [7652 octets] - [04/06/2013 19:05:44]
########## EOF - C:\AdwCleaner[S1].txt - [7712 octets] ##########

OTL Logs Code:
OTL logfile created on: 04.06.2013 19:17:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,94 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,61% Memory free
5,87 Gb Paging File | 4,70 Gb Available in Paging File | 79,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,64 Gb Free Space | 29,02% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Origin\Origin.exe (Electronic Arts)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

========== Modules (No Company Name) ==========
MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll ()

========== Services (SafeList) ==========
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.) DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.) DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) 
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-169190448-2637492132-308262306-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll 
(VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\ CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\ CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\ O1 HOSTS File: ([2013.06.03 01:10:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. 
File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 18:54:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.04 18:53:56 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.04 18:52:49 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe [2013.06.03 17:34:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe [2013.06.03 17:09:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe [2013.06.03 13:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.03 13:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.06.03 01:12:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\temp [2013.06.03 00:57:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.03 00:57:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.03 00:57:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.03 00:56:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.03 00:56:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.03 00:55:24 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe [2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- 
C:\Users\christian\Desktop\OTL.exe [2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll [2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll [2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll [2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll [2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll [2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll [2013.06.02 
14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll [2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2 [2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield 
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze [2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze [2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient [2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe [2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst [2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst [2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst [2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst [2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS) [2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung [2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM [2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM [2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM [2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe [2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll [2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx [2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet [2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet [2013.05.16 03:15:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 03:15:29 | 
002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 03:15:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 03:15:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 03:15:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 03:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 03:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 03:15:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 03:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.16 03:15:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA [2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll [2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll [2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\System32\nvdispgenco32.dll [2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll [2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe [2013.05.11 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\LG Electronics [2013.05.11 22:19:50 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.11 22:18:59 | 000,131,072 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGMobileDL.dll [2013.05.11 22:18:57 | 000,172,032 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll [2013.05.11 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013.05.11 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III [2013.05.11 22:15:35 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) 
-- C:\Windows\System32\NMSDVDXU.dll [2013.05.11 22:15:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx [2013.05.11 22:15:35 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx [2013.05.11 22:15:35 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx [2013.05.11 22:15:31 | 000,000,000 | -H-D | C] -- C:\Users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} [2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics [2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\LG Electronics [2013.05.11 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2013.05.11 19:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2013.05.11 19:18:22 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2013.05.11 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2013.05.11 18:09:10 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll [2013.05.11 18:09:10 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll [2013.05.11 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.11 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 3 [2013.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\ESN [2013.05.11 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins [2013.05.11 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.05.11 15:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2013.05.11 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2013.05.11 14:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller [2013.05.11 
12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2013.05.11 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Origin [2013.05.11 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Origin [2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.05.11 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2013.05.09 00:40:33 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\mbar [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.04 19:15:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 19:15:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 19:12:25 | 000,009,224 | ---- | M] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf [2013.06.04 19:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.04 19:07:28 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 19:06:07 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.04 19:03:56 | 000,632,031 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe [2013.06.04 18:57:10 | 000,001,136 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job [2013.06.04 18:52:50 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe [2013.06.04 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 21:57:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job [2013.06.03 17:36:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe [2013.06.03 17:32:58 | 000,000,512 | ---- | M] () -- C:\Users\christian\Desktop\MBR.dat [2013.06.03 17:11:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe [2013.06.03 13:30:14 | 013,169,742 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip [2013.06.03 13:08:15 | 367,459,563 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.03 12:59:48 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\6jc3pzdk.exe [2013.06.03 12:56:58 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\sog1gzlt.exe [2013.06.03 01:10:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.03 00:56:17 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe [2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf [2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf [2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk [2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo [2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk [2013.06.02 14:06:35 | 
000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.06.02 13:56:09 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.02 13:56:09 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.02 13:56:09 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.02 13:56:09 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk [2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [2013.05.26 13:59:40 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.05.26 13:59:15 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe [2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk [2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk [2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url [2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe [2013.05.23 22:58:10 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk [2013.05.23 00:40:11 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- 
C:\Users\christian\Desktop\PlayFirst.com.lnk [2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk [2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z [2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip [2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk [2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe [2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk [2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe [2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.05.15 00:50:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 00:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.12 23:37:58 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2013.05.12 23:37:58 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2013.05.12 23:37:58 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2013.05.12 23:37:58 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2013.05.12 23:37:58 | 009,053,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2013.05.12 23:37:58 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2013.05.12 23:37:58 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll [2013.05.12 23:37:58 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\System32\nvcuvid.dll [2013.05.12 23:37:58 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2013.05.12 23:37:58 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2013.05.12 23:37:58 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll [2013.05.12 23:37:58 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll [2013.05.12 23:37:58 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll [2013.05.12 23:37:58 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll [2013.05.12 23:37:58 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll [2013.05.12 23:37:58 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll [2013.05.12 23:37:58 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll [2013.05.12 23:37:58 | 000,015,885 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2013.05.12 21:58:09 | 004,188,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2013.05.12 21:58:09 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2013.05.12 21:58:06 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2013.05.12 21:58:06 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2013.05.12 21:58:06 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe [2013.05.11 22:30:19 | 000,165,600 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg [2013.05.11 22:30:11 | 000,193,480 | ---- | M] () -- C:\Users\christian\Documents\IMG060.jpg [2013.05.11 22:30:01 | 000,203,627 | ---- | M] () -- C:\Users\christian\Documents\IMG016.jpg [2013.05.11 22:29:48 | 
000,726,101 | ---- | M] () -- C:\Users\christian\Documents\IMG062.jpg [2013.05.11 22:27:18 | 000,172,032 | ---- | M] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll [2013.05.11 22:22:06 | 000,003,841 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_0.png [2013.05.11 22:22:01 | 000,004,251 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_4.png [2013.05.11 22:21:59 | 000,005,661 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_6.png [2013.05.11 22:21:39 | 000,022,008 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg [2013.05.11 22:21:36 | 000,023,097 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg [2013.05.11 22:21:28 | 000,185,872 | ---- | M] () -- C:\Users\christian\Documents\IMG017.jpg [2013.05.11 22:21:23 | 000,184,205 | ---- | M] () -- C:\Users\christian\Documents\IMG018.jpg [2013.05.11 22:21:06 | 000,202,362 | ---- | M] () -- C:\Users\christian\Documents\IMG298.jpg [2013.05.11 22:21:02 | 000,089,081 | ---- | M] () -- C:\Users\christian\Documents\Img340057.jpg [2013.05.11 22:20:55 | 000,180,606 | ---- | M] () -- C:\Users\christian\Documents\IMG065.jpg [2013.05.11 22:20:06 | 000,004,899 | ---- | M] () -- C:\Users\christian\Documents\image_0003.jpg [2013.05.11 22:20:03 | 000,005,741 | ---- | M] () -- C:\Users\christian\Documents\image_0009.jpg [2013.05.11 22:20:00 | 000,004,774 | ---- | M] () -- C:\Users\christian\Documents\image_0008.jpg [2013.05.11 22:19:57 | 000,004,866 | ---- | M] () -- C:\Users\christian\Documents\image_0006.jpg [2013.05.11 22:19:50 | 000,005,022 | ---- | M] () -- C:\Users\christian\Documents\image_0010.jpg [2013.05.11 22:15:46 | 000,001,212 | ---- | M] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk [2013.05.11 16:52:37 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.05.11 16:52:20 | 000,138,056 | ---- | M] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys [2013.05.11 16:46:54 | 000,000,937 | ---- | M] () -- 
C:\Users\Public\Desktop\Origin.lnk [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.09 06:32:35 | 003,165,737 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 19:12:25 | 000,009,224 | ---- | C] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf [2013.06.04 19:05:54 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.06.04 19:03:56 | 000,632,031 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe [2013.06.03 17:32:58 | 000,000,512 | ---- | C] () -- C:\Users\christian\Desktop\MBR.dat [2013.06.03 13:29:39 | 013,169,742 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip [2013.06.03 13:08:15 | 367,459,563 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.03 12:59:48 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\6jc3pzdk.exe [2013.06.03 12:56:58 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\sog1gzlt.exe [2013.06.03 00:57:17 | 000,256,000 
| ---- | C] () -- C:\Windows\PEV.exe [2013.06.03 00:57:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.03 00:57:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.03 00:57:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.03 00:57:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf [2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf [2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk [2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo [2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk [2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk [2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe [2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk [2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk [2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url [2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk [2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk [2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk [2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk [2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2.7z [2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk [2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip [2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk [2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe [2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce 
Experience.lnk [2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2013.05.11 22:30:19 | 000,165,600 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg [2013.05.11 22:30:10 | 000,193,480 | ---- | C] () -- C:\Users\christian\Documents\IMG060.jpg [2013.05.11 22:30:01 | 000,203,627 | ---- | C] () -- C:\Users\christian\Documents\IMG016.jpg [2013.05.11 22:29:46 | 000,726,101 | ---- | C] () -- C:\Users\christian\Documents\IMG062.jpg [2013.05.11 22:22:06 | 000,003,841 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_0.png [2013.05.11 22:22:01 | 000,004,251 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_4.png [2013.05.11 22:21:58 | 000,005,661 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_6.png [2013.05.11 22:21:39 | 000,022,008 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg [2013.05.11 22:21:36 | 000,023,097 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg [2013.05.11 22:21:27 | 000,185,872 | ---- | C] () -- C:\Users\christian\Documents\IMG017.jpg [2013.05.11 22:21:22 | 000,184,205 | ---- | C] () -- C:\Users\christian\Documents\IMG018.jpg [2013.05.11 22:21:05 | 000,202,362 | ---- | C] () -- C:\Users\christian\Documents\IMG298.jpg [2013.05.11 22:21:02 | 000,089,081 | ---- | C] () -- C:\Users\christian\Documents\Img340057.jpg [2013.05.11 22:20:55 | 000,180,606 | ---- | C] () -- C:\Users\christian\Documents\IMG065.jpg [2013.05.11 22:20:06 | 000,004,899 | ---- | C] () -- C:\Users\christian\Documents\image_0003.jpg [2013.05.11 22:20:03 | 000,005,741 | ---- | C] () -- C:\Users\christian\Documents\image_0009.jpg [2013.05.11 22:20:00 | 000,004,774 | ---- | C] () -- C:\Users\christian\Documents\image_0008.jpg [2013.05.11 22:19:56 | 000,004,866 | ---- | C] () -- C:\Users\christian\Documents\image_0006.jpg [2013.05.11 22:19:50 | 000,005,022 | ---- | C] () -- C:\Users\christian\Documents\image_0010.jpg [2013.05.11 22:15:46 | 000,001,212 | ---- | C] () -- 
C:\Users\christian\Desktop\LG PC Suite III.lnk [2013.05.11 16:52:37 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.05.11 16:46:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe [2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe [2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini [2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat [2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- C:\Users\christian\AppData\Roaming\blckdom.res [2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys [2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml [2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
[2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
(C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器

========== Alternate Data Streams ==========
@Alternate Data Stream - 2216 bytes -> C:\Windows\System32\drivers\pzjjgnwk.sys:changelist
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:24FECE50

< End of report >

Code:
OTL Extras logfile created on: 04.06.2013 19:17:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,94 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,61% Memory free
5,87 Gb Paging File | 4,70 Gb Available in Paging File | 79,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,64 Gb Free Space | 29,02% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | "{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | "{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | "{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | "{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | "{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | "{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | "{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | "{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | "{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | "{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | "{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | "{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | "{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{D697124E-D750-439C-970D-B9CB5C7871D0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{E0065CA9-E11D-45D5-927E-BA10DFA9FAC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E529F1BF-517D-48B3-B7A7-2AC61D086158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5FEFA4D-D0E3-4498-9DA8-345304631D6A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{ECBBC2C2-70D8-4447-8663-35C79EA778D9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EEA5E877-418E-4C5D-B763-430CA020881F}" = dir=in | app=c:\program files\acr\autoclubrev\bin\acr.exe | "{F4677B4C-49AC-426D-8B69-963DBFA71B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F6536AD2-FF60-4742-9999-727B921A0F49}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{FC309E73-D704-4645-853E-E0A8F8E189CE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "TCP Query User{06038E17-538C-42E8-90B8-00A27D295379}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | 
app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe |
"TCP Query User{304B1DBC-E52D-46FE-A14D-39C6E74D66DB}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{314863C1-772E-4A3E-9D9A-DF57ABEBC772}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{481D194F-8B13-4362-9851-77E582A27CB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{4E144FB8-88A0-442C-A6C0-2A3E3F4F13CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{513062CB-E94D-4243-8AAC-A826EB6675CD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{5910158A-981B-4188-966E-773355EB8FB3}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe |
"TCP Query User{5C23BD90-2110-498E-A5B3-AF93C31120F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5CA5C6C4-71AD-4F59-B8DF-48FAADA550F0}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{9F5D0BB9-00DA-43FE-906F-6D68F50E4E8D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{A3544468-48BD-41B0-BF09-03A8B762947B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A4BD2B54-EE94-4A81-B53F-2487F50BC76A}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"TCP Query User{AEA6BCCD-C52A-4E86-B66C-8232996EB460}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{E2208F94-D025-444D-AF0B-80F0AF19920C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F453324D-3442-4912-B339-3C76F867DEBF}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"TCP Query User{FD53C1BD-C29F-4E17-84F5-B011632CD8A8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{03D29D41-B75B-41EC-8044-160532DDA779}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"UDP Query User{075445E8-2142-47EC-960F-F06569BE3A60}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{09DC2C09-68D6-492C-9F89-3AB0A415BF87}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"UDP Query User{0ECF42CD-CC74-44C3-87AA-6565A25D27D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{377F22F4-0CCD-42B9-92C6-B94867C6D584}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe |
"UDP Query User{391395CA-C694-424A-878D-03BCB50E9C98}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{546C6CA0-5DD7-4ECE-8627-47EEA01BFEFC}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{729C9629-0A08-45F1-898C-B22D71217521}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{82F5EA8A-12CE-4AB9-84C3-D905CD4D210F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{93CB7A51-8462-4F73-9918-D857812646F4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B5E01533-DCD3-4760-AA95-AE50B93D7074}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{B77DD564-8392-48D6-BDCA-35FC2EA5F2B9}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe |
"UDP Query User{C446E2F9-43A2-4F53-9DFF-E52534DBA61A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D63A04A0-AFA8-42CC-9F12-B4CCAB926F7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EACC3CDF-BA2B-41F4-A1B4-022472DB05A3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{EB5BC889-9F48-4AC0-BD10-9A58F2906B52}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.118.08260
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"CCleaner" = CCleaner
"Dream Chronicles" = Dream Chronicles
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"EPSON XP-102 103 Series Useg" = Benutzerhandbuch EPSON XP-102 103 Series
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Hardware Helper_is1" = Hardware Helper
"HitmanPro37" = HitmanPro 3.7
"HotspotShield" = Hotspot Shield 2.78
"HyperCam 3 3.5.1210.30" = HyperCam 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 55100" = Homefront
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"TaomeeBrowser" = 淘米儿童浏览器

< End of report > |