| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mail delivery failed returning message to senderWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.06.2013, 09:02
| #1 |
| |  Mail delivery failed returning message to sender Hi zusammen. Ich weiß dieses Problem wurde schon 100 mal behandelt und angesprochen, ich hab mich diesbezüglich auch schon hier sehr belesen und auch selbst versucht das Problem zu lösen. Ich bekomms nicht hin und bräuchte bitte fachkompetente Hilfe. Die Mails hab ich alle niocht versendet und es handelt sich meisst um irgendwelche Inkassosachen. Im Vorfeld hab ich schon eine Progss mal durchrennen lassen. Die Logs poste ich direkt mal hier. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.12.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Andre :: ANDRE-PC [Administrator] Schutz: Aktiviert 12.06.2013 18:10:10 mbam-log-2013-06-12 (18-10-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 242548 Laufzeit: 5 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v2.303 - Datei am 13/06/2013 um 19:54:16 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Andre - ANDRE-PC
# Bootmodus : Normal
# Ausgeführt unter : E:\Downloads\adwcleaner2303.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\searchplugins\web-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\ICQ6Toolbar
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\Users\Andre\AppData\Local\Temp\OCS
Gelöscht mit Neustart : C:\Users\Andre\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16490
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\prefs.js
C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search...");
Gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "mein%20fisch%20paarung||sarrazin%20zitate||alcatraz%20w%C3%A4chter|[...]
Gelöscht : user_pref("icqtoolbar.installTime", "1287176573");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.10");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "125713416212571341621257194084899");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1287176576);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
Datei : C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\8va7z8nd.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4086 octets] - [13/06/2013 19:53:40]
AdwCleaner[S1].txt - [3917 octets] - [13/06/2013 19:54:16]
########## EOF - C:\AdwCleaner[S1].txt - [3977 octets] ##########
Code:
ATTFilter ComboFix 13-06-13.01 - Andre 13.06.2013 20:26:44.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.8155.5982 [GMT 2:00]
ausgeführt von:: e:\downloads\ComboFix.exe
AV: G Data InternetSecurity 2014 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2014 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andre\AppData\Local\assembly\tmp
c:\users\Andre\AppData\Roaming\.#
c:\users\Andre\AppData\Roaming\inst.exe
c:\users\Andre\AppData\Roaming\mIRC\logs\status.log
c:\users\Andre\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0407.exe
c:\windows\SysWow64\tmp8BF9.tmp
c:\windows\SysWow64\tmp8C19.tmp
c:\windows\wininit.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-13 bis 2013-06-13 ))))))))))))))))))))))))))))))
.
.
2013-06-13 18:38 . 2013-06-13 18:42 -------- d-----w- c:\users\Andre\AppData\Local\temp
2013-06-13 18:38 . 2013-06-13 18:38 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-06-13 18:38 . 2013-06-13 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-13 18:38 . 2013-06-13 18:38 -------- d-----w- c:\users\Janine\AppData\Local\temp
2013-06-13 17:54 . 2013-06-13 17:54 266 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-12 16:09 . 2013-06-12 16:09 -------- d-----w- c:\users\Andre\AppData\Roaming\Malwarebytes
2013-06-12 16:09 . 2013-06-12 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-12 16:09 . 2013-06-12 16:09 -------- d-----w- c:\programdata\Malwarebytes
2013-06-12 16:09 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-12 06:03 . 2013-04-24 02:10 1078272 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:03 . 2013-04-24 01:46 812544 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 06:03 . 2013-04-24 04:09 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:03 . 2013-04-24 04:09 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:03 . 2013-04-24 04:09 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:03 . 2013-04-24 04:09 50688 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 06:03 . 2013-04-24 04:00 985600 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 06:03 . 2013-04-24 04:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 06:03 . 2013-04-24 04:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 06:03 . 2013-04-24 04:00 41984 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 06:03 . 2013-04-17 13:04 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 06:03 . 2013-04-17 12:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 06:03 . 2013-05-08 04:50 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 06:01 . 2013-05-02 04:16 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:01 . 2013-05-02 04:04 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 06:01 . 2013-05-02 04:03 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-06-11 07:09 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02C304A2-60F0-436B-B3DE-A6FDAD1C643A}\mpengine.dll
2013-06-07 20:43 . 2013-06-07 20:44 -------- d--h--w- c:\program files (x86)\Temp
2013-06-07 20:43 . 2011-12-21 09:35 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-06-07 20:43 . 2011-09-08 08:40 508520 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2013-06-07 20:43 . 2013-06-07 20:43 -------- d-----w- C:\SuperChargerProfile
2013-06-07 20:42 . 2010-11-28 20:50 44672 ----a-r- c:\windows\system32\drivers\usbfilter.sys
2013-06-07 20:39 . 2013-06-07 20:39 -------- d-----w- C:\MSI
2013-06-07 20:10 . 2013-06-07 20:10 16944 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2013-06-07 20:10 . 2013-06-07 20:10 107128 ----a-w- c:\windows\system32\drivers\GRD.sys
2013-06-07 19:28 . 2013-06-07 19:28 -------- d-----w- c:\users\Janine\AppData\Local\Apple
2013-06-07 19:07 . 2013-06-07 19:07 -------- d-----w- c:\users\Andre\AppData\Local\G DATA
2013-06-07 18:16 . 2013-06-07 18:59 62808 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2013-06-07 18:15 . 2013-06-07 18:59 65368 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2013-06-07 18:15 . 2013-06-07 18:59 130392 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2013-06-07 18:15 . 2013-06-07 18:59 60248 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2013-06-07 18:15 . 2013-06-07 18:59 64856 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2013-06-07 18:10 . 2013-06-07 18:10 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2013-06-07 16:51 . 2013-06-07 18:14 -------- d-----w- c:\program files (x86)\G Data
2013-06-07 16:33 . 2013-06-07 16:33 -------- d-----w- c:\programdata\EA Logs
2013-06-07 15:19 . 2013-06-07 15:19 -------- d-----w- c:\programdata\Downloaded Installations
2013-05-19 15:35 . 2013-05-19 15:35 -------- d-----w- c:\program files\iPod
2013-05-19 15:35 . 2013-05-19 15:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 15:35 . 2013-05-19 15:36 -------- d-----w- c:\program files\iTunes
2013-05-19 15:35 . 2013-05-19 15:36 -------- d-----w- c:\program files (x86)\iTunes
2013-05-15 16:50 . 2013-05-15 16:58 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-05-15 15:03 . 2013-04-09 01:55 2774016 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 15:03 . 2013-04-15 14:17 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:03 . 2013-04-13 03:34 47104 ----a-w- c:\windows\system32\cdd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 13:17 . 2012-04-04 19:23 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 13:17 . 2011-05-22 09:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 06:22 . 2006-11-02 12:35 75825640 ----a-w- c:\windows\system32\mrt.exe
2013-06-07 16:37 . 2010-12-11 18:33 82816 ----a-w- c:\users\Andre\AppData\Roaming\pcouffin.sys
2013-05-02 00:06 . 2009-10-03 12:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2013-03-29 02:37 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2013-03-29 02:37 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2013-03-29 02:37 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2012-06-11 16:25 112440 ----a-w- c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2012-06-11 17:23 1155264 ----a-w- c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2013-03-29 02:37 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2013-03-29 02:36 8272136 ----a-w- c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2013-03-29 02:36 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2013-03-29 02:36 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2013-03-29 02:36 5000320 ----a-w- c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2012-06-11 16:36 6985624 ----a-w- c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:11 . 2013-03-29 01:11 79360 ----a-w- c:\windows\system32\amdave64.dll
2013-03-29 01:11 . 2013-03-29 01:11 78336 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-03-29 01:11 . 2013-03-29 01:11 74240 ----a-w- c:\windows\system32\atisamu64.dll
2013-03-29 01:11 . 2013-03-29 01:11 71168 ----a-w- c:\windows\atisamu32.dll
2013-03-29 01:10 . 2013-03-29 01:10 636416 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-29 01:07 . 2012-06-11 16:24 45056 ----a-w- c:\windows\system32\atitmp64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-28 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-03-22 1854928]
"G Data AntiVirus Tray"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1444304]
"G Data ASM"="c:\program files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" [2013-02-25 472016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:17]
.
2013-06-12 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 09:00]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 09:00]
.
2013-01-30 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-30 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Andre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Save YouTube Video
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - ExtSQL: 2013-04-24 14:31; ich@maltegoetz.de; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\extensions\ich@maltegoetz.de
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-JDownloader - c:\program files (x86)\JDownloader\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2626627632-1869365599-2587094263-1000\Software\SecuROM\License information*]
"datasecu"=hex:4f,31,42,51,e2,ae,2d,67,2b,78,45,29,bf,02,32,f3,44,8c,64,3b,44,
25,30,f0,18,4e,94,e1,2f,f0,3a,39,27,55,42,36,c3,de,70,e1,7e,36,79,d6,78,12,\
"rkeysecu"=hex:97,02,0b,bf,29,87,0c,55,e1,38,ae,8b,27,eb,43,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\MSI\Super-Charger\ChargeService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-13 20:53:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-13 18:53
.
Vor Suchlauf: 16 Verzeichnis(se), 224.166.551.552 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 224.464.683.008 Bytes frei
.
- - End Of File - - 5E5ED7E443A1574E5B229557D13AB691
5C616939100B85E558DA92B899A0FC36
Geändert von illu79 (14.06.2013 um 09:06 Uhr) Grund: Ergänzung |
|
14.06.2013, 09:18
| #2 |
| /// the machine /// TB-Ausbilder    | Mail delivery failed returning message to sender hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
14.06.2013, 09:34
| #3 |
| | Mail delivery failed returning message to sender Erstmal danke für die schnelle Antwort. Hier die Logs.
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Andre (administrator) on 14-06-2013 10:27:31
Running from E:\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7311\Monitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-29] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r [221300 2008-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GDFirewallTray] "C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data AntiVirus Tray] "C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [1444304 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] "C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" /autostart [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Janine\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\Janine\...\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Users\Andre\AppData\Local\Temp\E_SFC59.tmp" /EF "HKCU" [x]
HKU\Janine\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-29] ()
HKU\Janine\...\Policies\system: [LogonHoursAction] 2
HKU\Janine\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default
FF SelectedSearchEngine: Google
FF Homepage: www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\54xavbxq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG)
S3 Creative ALchemy AL1 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-02-22] (Creative Labs)
S3 Creative HOAL Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [79360 2009-02-22] (Creative Labs)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [2804893 2009-04-01] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-10-14] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 Arctosa; C:\Windows\System32\drivers\Arctosa.sys [20480 2008-09-12] (Razer USA Ltd.)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2010-11-26] (Turtle Entertainment GmbH)
S3 FLASHSYS; C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
S3 FLASHSYS; C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-07] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-07] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-06-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-07] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-07] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-07] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-07] (G Data Software AG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-21] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [524800 2007-03-14] (PixArt Imaging Inc.)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [101376 2011-11-21] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [217088 2011-11-21] (Renesas Electronics Corporation)
R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-24] ()
U3 a9mvbn69; C:\Windows\System32\Drivers\a9mvbn69.sys [0 ] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 MSICDSetup; \??\F:\CDriver64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 StarOpen; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-14 10:27 - 2013-06-14 10:27 - 00000000 ____D C:\FRST
2013-06-13 20:53 - 2013-06-13 20:53 - 00025372 ____A C:\ComboFix.txt
2013-06-13 20:08 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-13 20:08 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-13 20:08 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-13 20:08 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-13 20:08 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-13 20:08 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-13 20:08 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-13 20:08 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-13 20:05 - 2013-06-13 20:53 - 00000000 ____D C:\Qoobox
2013-06-13 20:04 - 2013-06-13 20:50 - 00000000 ____D C:\Windows\erdnt
2013-06-13 19:54 - 2013-06-13 19:54 - 00004040 ____A C:\AdwCleaner[S1].txt
2013-06-13 19:54 - 2013-06-13 19:54 - 00000266 ____A C:\Windows\DeleteOnReboot.bat
2013-06-13 19:53 - 2013-06-13 19:53 - 00004086 ____A C:\AdwCleaner[R1].txt
2013-06-12 18:09 - 2013-06-12 18:09 - 00000948 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Malwarebytes
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-12 18:09 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-12 08:15 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 08:15 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 08:15 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 08:15 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:15 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 08:15 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 08:15 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 08:15 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:15 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 08:15 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 08:15 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 08:15 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:15 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 08:15 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 08:15 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 08:15 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:15 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 08:15 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 08:15 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 08:15 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 08:15 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 08:15 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 08:15 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 08:15 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 08:15 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 08:15 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 08:15 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 08:15 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 08:15 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 08:15 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 08:15 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 08:15 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 08:03 - 2013-05-08 06:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:03 - 2013-04-24 06:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:03 - 2013-04-24 06:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:03 - 2013-04-24 06:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:03 - 2013-04-24 06:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:03 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:03 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:03 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:03 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:03 - 2013-04-24 04:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:03 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:03 - 2013-04-17 15:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:03 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:01 - 2013-05-02 06:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:01 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:01 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2013-06-07 22:43 - 2013-06-07 22:44 - 00002292 ____A C:\RHDSetup.log
2013-06-07 22:43 - 2013-06-07 22:44 - 00000189 ____A C:\mylog.log
2013-06-07 22:43 - 2013-06-07 22:43 - 00001898 ____A C:\Users\Public\Desktop\Super-Charger.lnk
2013-06-07 22:43 - 2013-06-07 22:43 - 00000000 ____D C:\SuperChargerProfile
2013-06-07 22:43 - 2011-12-21 11:35 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2013-06-07 22:43 - 2011-09-08 10:40 - 00508520 ____A (Realtek ) C:\Windows\System32\Drivers\Rtlh64.sys
2013-06-07 22:42 - 2010-11-28 22:50 - 00044672 ___RA (Advanced Micro Devices) C:\Windows\System32\Drivers\usbfilter.sys
2013-06-07 22:39 - 2013-06-07 22:39 - 00000000 ____D C:\MSI
2013-06-07 22:10 - 2013-06-07 22:10 - 00107128 ____A (G Data Software) C:\Windows\System32\Drivers\GRD.sys
2013-06-07 22:10 - 2013-06-07 22:10 - 00016944 ____A (G Data Software) C:\Windows\System32\Drivers\GdPhyMem.sys
2013-06-07 21:28 - 2013-06-07 21:28 - 00000000 ____D C:\Users\Janine\AppData\Local\Apple
2013-06-07 21:07 - 2013-06-07 21:07 - 00000000 ____D C:\Users\Andre\AppData\Local\G DATA
2013-06-07 21:02 - 2013-06-07 21:02 - 00000732 ____A C:\Users\Janine\AppData\Local\d3d9caps64.dat
2013-06-07 20:59 - 2013-06-07 20:59 - 00001881 ____A C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-07 20:16 - 2013-06-07 20:59 - 00062808 ____A (G Data Software AG) C:\Windows\System32\Drivers\PktIcpt.sys
2013-06-07 20:15 - 2013-06-07 20:59 - 00130392 ____A (G Data Software AG) C:\Windows\System32\Drivers\MiniIcpt.sys
2013-06-07 20:15 - 2013-06-07 20:59 - 00065368 ____A (G Data Software AG) C:\Windows\System32\Drivers\HookCentre.sys
2013-06-07 20:15 - 2013-06-07 20:59 - 00064856 ____A (G Data Software AG) C:\Windows\System32\Drivers\gdwfpcd64.sys
2013-06-07 20:15 - 2013-06-07 20:59 - 00060248 ____A (G Data Software AG) C:\Windows\System32\Drivers\GDBehave.sys
2013-06-07 18:51 - 2013-06-07 20:14 - 00000000 ____D C:\Program Files (x86)\G Data
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\2C0A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0C0A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0C04
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0816
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0804
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0424
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041F
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041E
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041D
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041B
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0419
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0416
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0415
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0414
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0413
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0412
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0411
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0410
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040E
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040D
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040C
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040B
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0409
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0408
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0406
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0405
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0404
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0401
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-06-07 17:19 - 2013-06-07 17:19 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-22 15:16 - 2013-06-07 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-19 17:36 - 2013-05-19 17:36 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-19 17:35 - 2013-05-19 17:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 17:35 - 2013-05-19 17:36 - 00000000 ____D C:\Program Files\iTunes
2013-05-19 17:35 - 2013-05-19 17:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-19 17:35 - 2013-05-19 17:35 - 00000000 ____D C:\Program Files\iPod
2013-05-15 18:50 - 2013-05-15 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 17:03 - 2013-04-15 16:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 17:03 - 2013-04-13 05:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 17:03 - 2013-04-09 03:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders =======
2013-06-14 10:27 - 2013-06-14 10:27 - 00000000 ____D C:\FRST
2013-06-14 10:17 - 2012-04-04 21:23 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-14 10:11 - 2011-07-29 00:23 - 00000000 ____D C:\Users\Andre\AppData\Local\PMB Files
2013-06-14 10:06 - 2008-01-21 03:53 - 01984591 ____A C:\Windows\WindowsUpdate.log
2013-06-14 09:41 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\System32\inetsrv
2013-06-14 09:40 - 2012-03-24 11:01 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-14 09:39 - 2011-12-17 14:02 - 01101376 ____A C:\Windows\PFRO.log
2013-06-14 09:39 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-14 09:39 - 2006-11-02 17:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-14 09:39 - 2006-11-02 17:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 01:41 - 2006-11-02 17:42 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-14 01:29 - 2012-03-24 11:01 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-13 20:53 - 2013-06-13 20:53 - 00025372 ____A C:\ComboFix.txt
2013-06-13 20:53 - 2013-06-13 20:05 - 00000000 ____D C:\Qoobox
2013-06-13 20:53 - 2006-11-02 15:33 - 00000000 __RHD C:\users\Default
2013-06-13 20:50 - 2013-06-13 20:04 - 00000000 ____D C:\Windows\erdnt
2013-06-13 20:42 - 2006-11-02 14:34 - 00000215 ____A C:\Windows\system.ini
2013-06-13 19:54 - 2013-06-13 19:54 - 00004040 ____A C:\AdwCleaner[S1].txt
2013-06-13 19:54 - 2013-06-13 19:54 - 00000266 ____A C:\Windows\DeleteOnReboot.bat
2013-06-13 19:53 - 2013-06-13 19:53 - 00004086 ____A C:\AdwCleaner[R1].txt
2013-06-12 19:18 - 2010-10-02 19:18 - 00000252 ____A C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-06-12 18:09 - 2013-06-12 18:09 - 00000948 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Malwarebytes
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-12 18:09 - 2013-06-12 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-12 15:17 - 2012-04-04 21:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:17 - 2011-05-22 11:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 14:19 - 2011-08-17 01:13 - 00000000 ____D C:\SWGEmu
2013-06-12 13:56 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-12 08:22 - 2009-02-22 04:53 - 01748616 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-12 08:22 - 2008-01-21 13:10 - 01748616 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 08:22 - 2008-01-21 13:09 - 00754248 ____A C:\Windows\System32\perfh007.dat
2013-06-12 08:22 - 2008-01-21 13:09 - 00174508 ____A C:\Windows\System32\perfc007.dat
2013-06-12 08:22 - 2006-11-02 14:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-08 10:24 - 2006-11-02 14:34 - 00000838 ___RA C:\Windows\System32\Drivers\etc\hosts.20130608-102541.backup
2013-06-07 22:44 - 2013-06-07 22:43 - 00002292 ____A C:\RHDSetup.log
2013-06-07 22:44 - 2013-06-07 22:43 - 00000189 ____A C:\mylog.log
2013-06-07 22:43 - 2013-06-07 22:43 - 00001898 ____A C:\Users\Public\Desktop\Super-Charger.lnk
2013-06-07 22:43 - 2013-06-07 22:43 - 00000000 ____D C:\SuperChargerProfile
2013-06-07 22:43 - 2009-03-20 16:59 - 00000000 ____D C:\Program Files (x86)\MSI
2013-06-07 22:43 - 2009-02-22 02:27 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-06-07 22:39 - 2013-06-07 22:39 - 00000000 ____D C:\MSI
2013-06-07 22:10 - 2013-06-07 22:10 - 00107128 ____A (G Data Software) C:\Windows\System32\Drivers\GRD.sys
2013-06-07 22:10 - 2013-06-07 22:10 - 00016944 ____A (G Data Software) C:\Windows\System32\Drivers\GdPhyMem.sys
2013-06-07 21:28 - 2013-06-07 21:28 - 00000000 ____D C:\Users\Janine\AppData\Local\Apple
2013-06-07 21:07 - 2013-06-07 21:07 - 00000000 ____D C:\Users\Andre\AppData\Local\G DATA
2013-06-07 21:02 - 2013-06-07 21:02 - 00000732 ____A C:\Users\Janine\AppData\Local\d3d9caps64.dat
2013-06-07 20:59 - 2013-06-07 20:59 - 00001881 ____A C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-06-07 20:59 - 2013-06-07 20:16 - 00062808 ____A (G Data Software AG) C:\Windows\System32\Drivers\PktIcpt.sys
2013-06-07 20:59 - 2013-06-07 20:15 - 00130392 ____A (G Data Software AG) C:\Windows\System32\Drivers\MiniIcpt.sys
2013-06-07 20:59 - 2013-06-07 20:15 - 00065368 ____A (G Data Software AG) C:\Windows\System32\Drivers\HookCentre.sys
2013-06-07 20:59 - 2013-06-07 20:15 - 00064856 ____A (G Data Software AG) C:\Windows\System32\Drivers\gdwfpcd64.sys
2013-06-07 20:59 - 2013-06-07 20:15 - 00060248 ____A (G Data Software AG) C:\Windows\System32\Drivers\GDBehave.sys
2013-06-07 20:58 - 2009-11-26 14:06 - 00000000 ____D C:\ProgramData\G DATA
2013-06-07 20:14 - 2013-06-07 18:51 - 00000000 ____D C:\Program Files (x86)\G Data
2013-06-07 20:06 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\setup
2013-06-07 20:06 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-06-07 20:06 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-06-07 20:06 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\com
2013-06-07 20:03 - 2009-11-11 14:03 - 00000000 ____D C:\Users\Andre\AppData\Local\Downloaded Installations
2013-06-07 18:53 - 2013-05-22 15:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-07 18:44 - 2011-04-27 22:38 - 00000000 ____D C:\ProgramData\MFAData
2013-06-07 18:42 - 2011-04-27 23:17 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-07 18:41 - 2009-04-25 15:55 - 00000000 ____D C:\Users\Andre\AppData\Roaming\TuneUp Software
2013-06-07 18:37 - 2010-12-11 20:33 - 00082816 ____A (VSO Software) C:\Users\Andre\AppData\Roaming\pcouffin.sys
2013-06-07 18:37 - 2010-12-11 20:33 - 00007859 ____A C:\Users\Andre\AppData\Roaming\pcouffin.cat
2013-06-07 18:37 - 2010-12-11 20:33 - 00000033 ____A C:\Users\Andre\AppData\Roaming\pcouffin.log
2013-06-07 18:37 - 2010-12-11 20:20 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Vso
2013-06-07 18:37 - 2010-10-18 16:09 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Skype
2013-06-07 18:37 - 2009-11-16 23:45 - 00000000 ____D C:\ProgramData\Skype
2013-06-07 18:35 - 2011-06-15 17:58 - 00000000 ____D C:\Users\Andre\AppData\Local\Unity
2013-06-07 18:35 - 2009-04-09 22:42 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2013-06-07 18:28 - 2011-12-31 16:21 - 00005420 ____A C:\Windows\setupact.log
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\2C0A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0C0A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0C04
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0816
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0804
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0424
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041F
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041E
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041D
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\041B
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0419
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0416
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0415
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0414
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0413
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0412
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0411
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0410
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040E
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040D
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040C
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040B
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\040A
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0409
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0408
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0406
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0405
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0404
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Windows\System32\0401
2013-06-07 17:20 - 2013-06-07 17:20 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-06-07 17:20 - 2009-02-22 02:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-07 17:20 - 2009-02-22 02:05 - 00000000 ___AD C:\users\Andre
2013-06-07 17:20 - 2008-01-21 13:05 - 00000000 ____D C:\Windows\System32\0407
2013-06-07 17:19 - 2013-06-07 17:19 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-24 18:26 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-22 18:23 - 2012-05-05 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 20:28 - 2013-04-10 12:28 - 00000000 ____D C:\Users\Andre\Documents\WebCam Media
2013-05-19 17:36 - 2013-05-19 17:36 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-19 17:36 - 2013-05-19 17:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 17:36 - 2013-05-19 17:35 - 00000000 ____D C:\Program Files\iTunes
2013-05-19 17:36 - 2013-05-19 17:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-19 17:35 - 2013-05-19 17:35 - 00000000 ____D C:\Program Files\iPod
2013-05-17 06:05 - 2013-06-12 08:15 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 05:27 - 2013-06-12 08:15 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 05:09 - 2013-06-12 08:15 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 05:02 - 2013-06-12 08:15 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 05:02 - 2013-06-12 08:15 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 05:01 - 2013-06-12 08:15 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 05:00 - 2013-06-12 08:15 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 04:58 - 2013-06-12 08:15 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 04:56 - 2013-06-12 08:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 04:56 - 2013-06-12 08:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 04:55 - 2013-06-12 08:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 04:54 - 2013-06-12 08:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 04:53 - 2013-06-12 08:15 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 04:51 - 2013-06-12 08:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 04:51 - 2013-06-12 08:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 04:46 - 2013-06-12 08:15 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 01:08 - 2013-06-12 08:15 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 00:49 - 2013-06-12 08:15 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 00:39 - 2013-06-12 08:15 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 00:28 - 2013-06-12 08:15 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 00:28 - 2013-06-12 08:15 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 00:27 - 2013-06-12 08:15 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 00:26 - 2013-06-12 08:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 00:23 - 2013-06-12 08:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 00:21 - 2013-06-12 08:15 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 00:21 - 2013-06-12 08:15 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 00:20 - 2013-06-12 08:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 00:19 - 2013-06-12 08:15 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 00:17 - 2013-06-12 08:15 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 00:17 - 2013-06-12 08:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 00:16 - 2013-06-12 08:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 00:12 - 2013-06-12 08:15 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 18:58 - 2013-05-15 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 17:58 - 2009-10-04 13:14 - 00000000 ____D C:\Users\Andre\AppData\Local\PokerStars.EU
2013-05-15 17:48 - 2006-11-02 17:21 - 04962848 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 17:38 - 2009-03-12 01:31 - 00000000 ____D C:\ProgramData\Microsoft Help
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-14 09:45
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013 Ran by Andre at 2013-06-14 10:28:06 Run: Running from E:\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= AC3Filter (remove only) Adobe AIR (Version: 2.5.1.17730) Adobe Community Help (Version: 3.0.0) Adobe Community Help (Version: 3.0.0.400) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Media Player (Version: 0.0.0) Adobe Media Player (Version: 1.1) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Adobe Shockwave Player 11.5 (Version: 11.5.9.615) AMD APP SDK Runtime (Version: 10.0.938.1) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Fuel (Version: 2013.0328.2218.38225) AMD VISION Engine Control Center (Version: 2013.0328.2218.38225) Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoImpression 5 ArcSoft WebCam Companion 2 AVG PC Tuneup 2011 AVM FRITZ!Box Dokumentation AVM FRITZ!Box Druckeranschluss Bonjour (Version: 3.0.0.10) BurnAware Free 3.0.6 Canon Utilities Easy-LayoutPrint CARRERA's 3D Realism Gameplaypatch (Version: 3.00b) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2010.1026.2246.39002) Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Vista (Version: 2010.1026.2246.39002) Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (Version: 2013.0328.2218.38225) CCC Help Chinese Standard (Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (Version: 2013.0328.2217.38225) CCC Help Czech (Version: 2013.0328.2217.38225) CCC Help Danish (Version: 2013.0328.2217.38225) CCC Help Dutch (Version: 2013.0328.2217.38225) CCC Help English (Version: 2010.1026.2245.39002) CCC Help English (Version: 2013.0328.2217.38225) CCC Help Finnish (Version: 2013.0328.2217.38225) CCC Help French (Version: 2013.0328.2217.38225) CCC Help German (Version: 2013.0328.2217.38225) CCC Help Greek (Version: 2013.0328.2217.38225) CCC Help Hungarian (Version: 2013.0328.2217.38225) CCC Help Italian (Version: 2013.0328.2217.38225) CCC Help Japanese (Version: 2013.0328.2217.38225) CCC Help Korean (Version: 2013.0328.2217.38225) CCC Help Norwegian (Version: 2013.0328.2217.38225) CCC Help Polish (Version: 2013.0328.2217.38225) CCC Help Portuguese (Version: 2013.0328.2217.38225) CCC Help Russian (Version: 2013.0328.2217.38225) CCC Help Spanish (Version: 2013.0328.2217.38225) CCC Help Swedish (Version: 2013.0328.2217.38225) CCC Help Thai (Version: 2013.0328.2217.38225) CCC Help Turkish (Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2010.1026.2246.39002) ccc-utility64 (Version: 2013.0328.2218.38225) Counter-Strike Creative ALchemy (X-Fi Edition) Creative Media Toolbox 6 (Shared Components) (Version: 2.80.12) Creative Media Toolbox 6 (Version: 6.00) Creative MediaSource 5 (Version: 5.00) Creative Software AutoUpdate Creative Systeminformationen Creative USB Headsets (Version: 1.0) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Converter (Version: 7.1.0) DivX Plus DirectShow Filters Dota 2 Druckerdeinstallation für EPSON SX110 Series EA Download Manager (Version: 5.1.0.4) Epson Easy Photo Print 2 (Version: 2.1.0.0) Epson Event Manager (Version: 2.30.01) Epson Printer Software Downloader Epson Printer Software Downloader (Version: 2.0.0) EPSON Scan Epson Stylus SX110_TX110 Handbuch Fallout 3 (Version: 1.00.0000) Far Cry 2 (Version: 1.03.00) G Data InternetSecurity 2014 (Version: 24.0.2.3) Google Earth Plug-in (Version: 7.0.3.8542) Google Update Helper (Version: 1.3.21.145) Grand Theft Auto: Episodes from Liberty City (Version: 1.0.0003.135) iCloud (Version: 2.1.2.8) ImagXpress (Version: 7.0.74.0) ImgBurn (Version: 2.5.5.0) iTunes (Version: 11.0.3.42) Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220) Java(TM) 6 Update 31 (Version: 6.0.310) JDownloader (Version: 0.89) Launchpad Enhanced (Version: 0.05.000) Left 4 Dead 2 Liveupdate4 Logitech Desktop Messenger (Version: 2.54.11) Logitech QuickCam-Treiberpaket Logitech Updater (Version: 1.70) Logitech Webcam Software (Version: 12.10.1113) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaMonkey 3.2 (Version: 3.2) Medieval II Total War (Version: 1.00.0000) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.4734.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.4734.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) Nero ControlCenter (Version: 0.0.0.1) Nero Vision (Version: 0.0.0.1) neroxml (Version: 1.0.0) Nitro PDF Professional (Version: 6.2.3.6) NVIDIA PhysX (Version: 9.10.0129) Pando Media Booster (Version: 2.3.6.0) PC VGA Camer@ (Version: 1.0.2.13) Picasa 3 (Version: 3.9) PokerStars PunkBuster Services (Version: 0.986) QuickTime (Version: 7.73.80.64) Razer Arctosa (Version: 1.00.0000) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealPlayer (Version: 15.0.4) Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek Ethernet Controller Driver (Version: 6.250.908.2011) Realtek High Definition Audio Driver (Version: 6.0.1.5657) RealUpgrade 1.1 (Version: 1.1.0) Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.12.0) Rossmann Fotowelt Software 4.9 (Version: 4.9) Safari (Version: 5.34.57.2) Star Wars - Episode 1 (Version: 4.4.3.377) Star Wars Galaxies Star Wars: The Old Republic (Version: 1.00) Steam (Version: 1.0.0.0) Super-Charger (Version: 1.2.014) TeamSpeak 2 RC2 (Version: 2.0.32.60) TeamSpeak 3 Client (Version: 3.0.10) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VCRedistSetup (Version: 1.0.0) Vista Codec Package (Version: 5.1.3) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) VLC media player 1.1.5 (Version: 1.1.5) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Fotogalerie (Version: 14.0.8117.416) Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live Movie Maker (Version: 14.0.8117.0416) Windows Live Sync (Version: 14.0.8117.416) Windows Live-Uploadtool (Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (Version: 1.0.0.8) WinRAR WinZip 15.0 (Version: 15.0.9334) XMedia Recode 2.2.8.9 (Version: 2.2.8.9) YouTube Downloader 3.5 ==================== Restore Points ========================= 15-05-2013 15:28:36 Windows Update 19-05-2013 09:49:30 Geplanter Prüfpunkt 07-06-2013 15:19:58 Installiert Renesas Electronics USB 3.0 Host Controller Driver 07-06-2013 16:36:03 Removed SD Formatter 07-06-2013 16:36:44 Removed Skype™ 6.3 07-06-2013 16:40:04 Removed AVG 2011 07-06-2013 16:43:28 Removed AVG 2011 07-06-2013 16:50:29 G Data InternetSecurity 2013 wurde installiert. 07-06-2013 17:23:52 Windows Update 07-06-2013 18:03:56 G Data InternetSecurity 2013 wurde installiert. 07-06-2013 18:13:29 G Data InternetSecurity 2013 wurde installiert. 07-06-2013 19:30:38 Geplanter Prüfpunkt 07-06-2013 20:42:02 Gerätetreiber-Paketinstallation: AMD Systemgeräte 07-06-2013 20:43:04 Installiert Realtek Ethernet Controller Driver 08-06-2013 07:21:11 Windows Defender Checkpoint 11-06-2013 07:07:15 Windows Update 12-06-2013 06:14:31 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/14/2013 09:40:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 11:55:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:41:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:16:58 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 07:57:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 07:36:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:50:56 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/13/2013 08:49:36 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 05:52:16 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 01:40:56 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/14/2013 09:40:54 AM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (06/14/2013 09:40:09 AM) (Source: Service Control Manager) (User: ) Description: Beep i8042prt Lbd StarOpen Error: (06/14/2013 09:39:27 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/13/2013 11:56:00 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (06/13/2013 11:55:27 PM) (Source: Service Control Manager) (User: ) Description: Beep i8042prt Lbd StarOpen Error: (06/13/2013 11:54:34 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/13/2013 08:42:40 PM) (Source: srv) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (06/13/2013 08:41:59 PM) (Source: Service Control Manager) (User: ) Description: Beep i8042prt Lbd StarOpen Error: (06/13/2013 08:41:09 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/13/2013 08:39:01 PM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Microsoft Office Sessions: ========================= Error: (06/14/2013 09:40:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 11:55:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:41:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:16:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 07:57:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 07:36:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/13/2013 08:50:56 AM) (Source: SideBySide)(User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (06/13/2013 08:49:36 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 05:52:16 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 01:40:56 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-06-14 10:28:01.485 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:01.292 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:01.088 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:00.882 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:00.675 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:00.477 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:00.275 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:28:00.068 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:27:45.445 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-14 10:27:45.250 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8155.31 MB Available physical RAM: 5560.4 MB Total Pagefile: 16497.14 MB Available Pagefile: 13271.43 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:488.28 GB) (Free:208.61 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:488.28 GB) (Free:285.45 GB) NTFS (Disk=0 Partition=2) Drive e: () (Fixed) (Total:420.7 GB) (Free:297.06 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: 74255579) Partition 1: (Active) - (Size=488 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=421 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
14.06.2013, 11:13
| #4 |
| /// the machine /// TB-Ausbilder | Mail delivery failed returning message to sender Hi, Passwort von einem anderen Rechner aus geändert?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.06.2013, 11:27
| #5 |
| | Mail delivery failed returning message to sender Nein. Ich benutze Thunderbird als E-Mail Programm und das auch schon Ewigkeiten ohne Probleme. Das einzige was in den letzten Monaten geändert/erneuert wurde ist die CPU, Mainboard, Graka. Ansonsten wurde an der Hardware nichts verändert, Software ebenfalls nicht. Edit: Software hab ich AVG runtergeworfen und G Data draufgepackt. Geändert von illu79 (14.06.2013 um 11:29 Uhr) Grund: Ergänzung |
|
14.06.2013, 11:52
| #6 |
| /// the machine /// TB-Ausbilder | Mail delivery failed returning message to sender Bitte Passwort zum Mail Account auf der Homepage des Anbieters ändern. Dann Profil in Thunderbird löschen und neu erstellen. Kommen dann immer noch so Mails?
__________________ --> Mail delivery failed returning message to sender |
|
14.06.2013, 12:01
| #7 |
| | Mail delivery failed returning message to sender Habs mal gemacht. Ich halte dich auf dem Laufenden. |
|
14.06.2013, 12:02
| #8 |
| /// the machine /// TB-Ausbilder | Mail delivery failed returning message to sender Du bekommst solche Mails da Dein Acc benutzt wird, also ist das PW ändern die aller erste Maßnahme  . Logs sind sauber (nachdem Du ja schon ordentlich was wegeputzt hast).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Mail delivery failed returning message to sender |
| adobe, antivirus, avg, browser, combofix, converter, defender, excel, explorer, failed, firefox, flash player, home, internet browser, mail delivery, monitor, monitor.exe, mozilla, mp3, neustart, object, problem, registrierungsdatenbank, security, software, svchost, temp, updates, vista |
Linear-Darstellung
