| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hohe Pings, langsames Streaming und keinen Schimmer woher.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.06.2013, 11:09
| #1 |
| |  Hohe Pings, langsames Streaming und keinen Schimmer woher. Sehr geehrte Trojaner-Community, Seit rund zwei Wochen sind meine Down- und Uploadgeschwindigkeiten im Keller. Vorher hatte ich je nach Server 3-4mb/Sekunde download, jetzt kriech ich bei 84 kbps rum. In Spielen hab ich Pings von 600+ (alle paar minuten gibts ne kurze "Lag-Pause", in der ich dann rund 10 Sekunden mit einem 20er Ping unterwegs bin). Und Streaming ist quasi unmöglich geworden. Am Router sieht meinem Verständnis nach alles sauber aus, mein Smartphone, das am WLEN hängt ist auch "vergleichsweise" schnell (Wobei der Vergleich von Smartphone zu PC natürlich nicht so einfach ist). Was kann ich tun? Folgend die Log-Files: OTL: [QUOTE] beiOTL Logfile: Code:
ATTFilter OTL logfile created on: 16.06.2013 11:56:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OryxMortis\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,33% Memory free 15,90 Gb Paging File | 12,73 Gb Available in Paging File | 80,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 155,81 Gb Free Space | 33,46% Space Free | Partition Type: NTFS Drive D: | 7,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ORYXMORTIS-PC | User Name: OryxMortis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.16 11:56:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OryxMortis\Downloads\OTL.exe PRC - [2013.06.12 21:33:21 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.06.07 00:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.05.22 18:26:46 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.20 22:40:50 | 026,596,344 | ---- | M] (ICQ) -- C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe PRC - [2012.12.20 19:11:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe PRC - [2012.12.18 21:08:44 | 003,478,752 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.22 17:14:08 | 000,142,904 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe PRC - [2012.05.22 17:14:06 | 000,502,328 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe PRC - [2012.03.29 07:36:56 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.29 07:36:54 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.29 07:36:39 | 000,165,144 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.03.26 19:14:26 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2013.06.12 21:33:20 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.07 00:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.05.22 18:26:46 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.07 03:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.12.20 22:40:51 | 000,851,456 | ---- | M] () -- C:\Users\OryxMortis\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll MOD - [2012.12.20 18:20:48 | 000,068,616 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\QtWebKit\qmlwebkitplugin4.dll MOD - [2012.12.20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012.09.23 21:43:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu ========== Services (SafeList) ========== SRV - [2013.06.12 21:33:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.22 18:26:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2012.12.20 19:11:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.04 17:07:17 | 006,371,192 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.22 17:14:08 | 000,142,904 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger) SRV - [2012.03.29 07:36:56 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.29 07:36:54 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.29 07:36:39 | 000,165,144 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.03.07 03:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 05:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009.03.30 05:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.16 10:49:16 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2012.11.02 15:48:52 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.10.18 14:50:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.09.03 18:23:58 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.09.03 17:57:00 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.26 19:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.03.26 19:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.03.26 19:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 11:36:44 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ta2avs.sys -- (ta2avs) DRV:64bit: - [2012.02.22 11:36:44 | 000,079,952 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ta2usb.sys -- (ta2usb_svc) DRV:64bit: - [2012.02.16 07:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.02.09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2011.11.10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.06.02 14:39:44 | 000,084,536 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2011.06.02 14:39:44 | 000,066,616 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013.05.25 21:40:25 | 000,075,264 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV79.sys -- (SSHDRV79) DRV - [2010.01.18 11:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE F6 31 C9 7C DE CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.34 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.2.558 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OryxMortis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.01.08 05:39:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013.06.16 10:51:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013.06.16 10:51:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013.06.16 10:51:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013.06.16 10:50:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013.06.16 10:51:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files (x86)\LyricsFan\FF\ [2013.05.24 18:30:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.19 21:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OryxMortis\AppData\Roaming\mozilla\Extensions [2013.05.07 23:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OryxMortis\AppData\Roaming\mozilla\Firefox\Profiles\ftecxqfy.default\extensions [2013.05.07 23:11:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\OryxMortis\AppData\Roaming\mozilla\Firefox\Profiles\ftecxqfy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.04.06 10:37:15 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\OryxMortis\AppData\Roaming\mozilla\Firefox\Profiles\ftecxqfy.default\extensions\ich@maltegoetz.de [2013.05.22 18:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.22 18:26:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.16 10:50:59 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ANTI_BANNER@KASPERSKY.COM O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [icq] C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42AAD706-39EE-4B85-B095-7EBCEE77285B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - %SystemRoot%\System32\DreamScene.dll File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.16 10:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0 [2013.06.16 10:51:46 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.06.16 10:51:19 | 000,066,616 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys [2013.06.16 10:51:18 | 000,084,536 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys [2013.06.16 10:51:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.06.16 10:51:01 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.06.16 10:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch [2013.06.16 10:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.06.16 10:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.06.16 10:50:41 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.06.16 10:50:41 | 000,089,944 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.06.15 18:29:05 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Rap [2013.06.15 18:13:15 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Chillout [2013.06.09 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Skilltree [2013.06.09 21:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphviz 2.28 [2013.06.09 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graphviz 2.28 [2013.06.09 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\.freemind [2013.06.09 21:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind [2013.06.09 21:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind [2013.06.07 23:49:56 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Battlefield Vietnam [2013.06.03 00:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2013.06.02 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Bewerbung [2013.06.01 10:16:18 | 000,000,000 | ---D | C] -- C:\stuff [2013.05.26 03:29:42 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Serious Sam II [2013.05.25 22:04:59 | 006,518,272 | ---- | C] ( Taleworlds Entertainment) -- C:\Users\OryxMortis\Desktop\mb_warband.exe [2013.05.25 22:04:34 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Documents\Mount&Blade Warband Savegames [2013.05.25 22:00:22 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband [2013.05.25 22:00:12 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband [2013.05.25 22:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband [2013.05.25 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Documents\Mount&Blade Warband [2013.05.25 21:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mount&Blade Warband [2013.05.25 21:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment [2013.05.25 21:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascaron Entertainment [2013.05.25 21:12:06 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\mbwCrack [2013.05.25 20:56:40 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\AppData\Roaming\Sierra [2013.05.25 20:56:40 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Documents\Empire Earth II [2013.05.25 19:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Games Company [2013.05.25 19:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Games Company [2013.05.25 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Documents\NeocoreGames [2013.05.25 09:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.25 09:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.24 18:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.05.24 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan [2013.05.24 18:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics [2013.05.24 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\nevv [2013.05.22 18:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.20 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\Desktop\Musik [2013.05.19 20:49:47 | 000,000,000 | ---D | C] -- C:\Wallpapes [2013.05.19 19:02:25 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\AppData\Local\Chromium [2013.05.19 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\OryxMortis\AppData\Local\Funcom [2013.05.19 17:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.16 11:55:46 | 000,000,000 | ---- | M] () -- C:\Users\OryxMortis\defogger_reenable [2013.06.16 11:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.16 10:59:20 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.06.16 10:57:14 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 10:57:14 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 10:55:18 | 001,806,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.16 10:55:18 | 000,765,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.16 10:55:18 | 000,720,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.16 10:55:18 | 000,174,494 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.16 10:55:18 | 000,147,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.16 10:52:35 | 000,002,216 | ---- | M] () -- C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.16 10:51:46 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk [2013.06.16 10:49:41 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Lyrics Fan Update.job [2013.06.16 10:49:16 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.06.16 10:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.16 10:49:02 | 2107,817,983 | -HS- | M] () -- C:\hiberfil.sys [2013.06.16 10:46:30 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.10 00:41:33 | 000,018,513 | ---- | M] () -- C:\Users\OryxMortis\Desktop\Ravenloft.odt [2013.06.08 01:47:47 | 000,000,052 | ---- | M] () -- C:\Users\OryxMortis\Desktop\tschuess.bat [2013.05.27 01:16:48 | 001,779,354 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.25 22:00:12 | 000,001,140 | ---- | M] () -- C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk [2013.05.25 21:53:23 | 615,036,714 | ---- | M] () -- C:\mb_warband_setup_1153(1).exe [2013.05.25 21:40:25 | 000,075,264 | ---- | M] () -- C:\Windows\SysWow64\drivers\SSHDRV79.sys [2013.05.25 21:34:26 | 000,001,201 | ---- | M] () -- C:\Users\OryxMortis\Desktop\Sacred.lnk [2013.05.24 23:16:39 | 000,000,222 | ---- | M] () -- C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url [2013.05.24 18:31:12 | 000,002,037 | ---- | M] () -- C:\Users\OryxMortis\Desktop\JDownloader.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.16 11:55:46 | 000,000,000 | ---- | C] () -- C:\Users\OryxMortis\defogger_reenable [2013.06.16 10:52:35 | 000,002,216 | ---- | C] () -- C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.16 10:51:56 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk [2013.06.09 20:12:39 | 000,018,513 | ---- | C] () -- C:\Users\OryxMortis\Desktop\Ravenloft.odt [2013.06.08 01:47:47 | 000,000,052 | ---- | C] () -- C:\Users\OryxMortis\Desktop\tschuess.bat [2013.05.25 22:00:12 | 000,001,140 | ---- | C] () -- C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk [2013.05.25 21:58:19 | 615,036,714 | ---- | C] () -- C:\mb_warband_setup_1153(1).exe [2013.05.25 21:40:25 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV79.sys [2013.05.25 21:34:26 | 000,001,201 | ---- | C] () -- C:\Users\OryxMortis\Desktop\Sacred.lnk [2013.05.24 23:16:39 | 000,000,222 | ---- | C] () -- C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url [2013.05.24 18:31:12 | 000,002,037 | ---- | C] () -- C:\Users\OryxMortis\Desktop\JDownloader.lnk [2013.05.24 18:31:09 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.05.24 18:31:09 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.05.24 18:31:09 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.05.24 18:30:54 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Lyrics Fan Update.job [2013.05.24 16:29:23 | 000,002,547 | ---- | C] () -- C:\Users\OryxMortis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizardry Online.lnk [2013.05.19 20:48:22 | 000,016,180 | ---- | C] () -- C:\Windows\System\Dscene.reg [2013.04.13 00:25:51 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2013.03.22 22:20:00 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2013.03.22 22:20:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2013.03.22 22:20:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2013.03.22 21:55:02 | 000,039,710 | ---- | C] () -- C:\Windows\DIIUnin.dat [2013.03.07 22:40:48 | 000,000,218 | ---- | C] () -- C:\Users\OryxMortis\AppData\Local\recently-used.xbel [2013.02.06 18:57:21 | 001,779,354 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.04 23:56:05 | 002,536,776 | ---- | C] () -- C:\Users\OryxMortis\Shakira - Waka Waka Official Music Video _ World Cup 2010.mp3 [2013.02.01 17:26:19 | 000,005,021 | ---- | C] () -- C:\Users\OryxMortis\.heldEinstellungen4_1.xml [2013.02.01 17:26:19 | 000,000,307 | ---- | C] () -- C:\Users\OryxMortis\.dsa4.properties [2012.12.24 15:57:17 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.12.24 15:57:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.12.20 18:05:35 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.20 18:05:35 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.20 18:05:34 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.12.19 20:21:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.07 02:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.09 22:46:57 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\Audacity [2013.05.01 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\avidemux [2013.01.31 00:40:18 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\Blender Foundation [2013.01.08 05:30:35 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.04.17 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\DVDVideoSoft [2013.04.17 21:09:31 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.19 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\FireShot [2012.12.20 22:41:53 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\ICQ-Profile [2012.12.20 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\ICQM [2012.12.20 23:44:06 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\LolClient [2013.05.25 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband [2013.04.17 21:14:27 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\OpenCandy [2012.12.23 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\OpenOffice.org [2013.02.15 16:49:31 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\PDAppFlex [2013.06.10 00:40:46 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\QtProject [2013.04.14 18:16:48 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\REAPER [2013.05.25 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\Sierra [2013.04.17 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\TuneUp Software [2013.02.08 01:45:55 | 000,000,000 | ---D | M] -- C:\Users\OryxMortis\AppData\Roaming\Unity ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 4096 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\OryxMortis\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\OryxMortis\Desktop\desktop.ini:gs5sys < End of report > GMER: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-16 12:08:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.HP73 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ORYXMO~1\AppData\Local\Temp\pxdoyfow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072661a22 2 bytes [66, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072661ad0 2 bytes [66, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072661b08 2 bytes [66, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072661bba 2 bytes [66, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072661bda 2 bytes [66, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Program Files (x86)\Steam\Steam.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075b6549c 5 bytes JMP 00000001000f0800
.text C:\Program Files (x86)\Steam\Steam.exe[3380] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Program Files (x86)\Steam\Steam.exe[3380] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3444] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075b6549c 5 bytes JMP 00000001001f0800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759c1465 2 bytes [9C, 75]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759c14bb 2 bytes [9C, 75]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[4952] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077c5fa88 5 bytes JMP 0000000169ef139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[4952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c60018 5 bytes JMP 0000000169ef1a54
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [360:2076] 000007fef6680ea8
Thread C:\Windows\system32\svchost.exe [360:2112] 000007fef6679db0
Thread C:\Windows\system32\svchost.exe [360:1992] 000007fef667aa10
Thread C:\Windows\system32\svchost.exe [360:2180] 000007fef6681c94
Thread C:\Windows\system32\svchost.exe [360:2212] 000007fef6126ed4
Thread C:\Windows\system32\svchost.exe [360:3824] 000007fef6126b8c
Thread C:\Windows\System32\svchost.exe [4292:5048] 000007fef01d9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4240:3756] 000007fefbc82a7c
---- EOF - GMER 2.1 ----
Über Hilfe wär ich sehr dankbar! |
|
16.06.2013, 11:17
| #2 |
| /// the machine /// TB-Ausbilder    | Hohe Pings, langsames Streaming und keinen Schimmer woher. Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
16.06.2013, 11:23
| #3 |
| | Hohe Pings, langsames Streaming und keinen Schimmer woher. So, hier die Log-Files:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by OryxMortis (administrator) on 16-06-2013 12:19:47
Running from C:\Users\OryxMortis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ICQ) C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
() C:\Users\OryxMortis\Downloads\gmer_2.1.19163.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-19] ()
HKCU\...\Run: [icq] C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe -CU [26596344 2012-12-20] (ICQ)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [356968 2012-12-20] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Lyrics Fan - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\Extensions\ich@maltegoetz.de
FF Extension: FireShot - C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-20] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S1 SSHDRV79; C:\Windows\SysWow64\drivers\SSHDRV79.sys [75264 2013-05-25] ()
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-06-16] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S1 SSHDRV79; \??\C:\Windows\system32\drivers\SSHDRV79.sys [x]
U3 pxdoyfow; \??\C:\Users\ORYXMO~1\AppData\Local\Temp\pxdoyfow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-16 12:19 - 2013-06-16 12:19 - 01920546 ____A (Farbar) C:\Users\OryxMortis\Downloads\FRST64.exe
2013-06-16 12:19 - 2013-06-16 12:19 - 00000000 ____D C:\FRST
2013-06-16 12:08 - 2013-06-16 12:08 - 00006919 ____A C:\Users\OryxMortis\Desktop\GMER.log
2013-06-16 12:04 - 2013-06-16 12:04 - 00377856 ____A C:\Users\OryxMortis\Downloads\gmer_2.1.19163.exe
2013-06-16 12:02 - 2013-06-16 12:02 - 00099194 ____A C:\Users\OryxMortis\Downloads\Extras.Txt
2013-06-16 12:01 - 2013-06-16 12:08 - 00104112 ____A C:\Users\OryxMortis\Downloads\OTL.Txt
2013-06-16 11:56 - 2013-06-16 11:56 - 00602112 ____A (OldTimer Tools) C:\Users\OryxMortis\Downloads\OTL.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00050477 ____A C:\Users\OryxMortis\Downloads\Defogger.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00000482 ____A C:\Users\OryxMortis\Downloads\defogger_disable.log
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____A C:\Users\OryxMortis\defogger_reenable
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092033.log
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092007.log
2013-06-16 11:19 - 2013-06-16 11:19 - 00916072 ____A (F-Secure Corporation) C:\Users\OryxMortis\Downloads\fsbl1067.exe
2013-06-16 10:52 - 2013-06-16 10:52 - 00002216 ____A C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00001078 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00000000 ____D C:\Windows\ELAMBKUP
2013-06-16 10:51 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-06-16 10:51 - 2011-06-02 14:39 - 00084536 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-06-16 10:51 - 2011-06-02 14:39 - 00066616 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-06-16 10:50 - 2013-06-16 11:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-16 10:50 - 2013-06-16 10:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-16 10:50 - 2012-11-02 15:48 - 00613720 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-06-16 10:50 - 2012-11-02 15:48 - 00089944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-06-16 10:49 - 2013-06-16 10:49 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-06-16 10:12 - 2013-06-16 10:43 - 188740896 ____A (Kaspersky Lab) C:\Users\OryxMortis\Downloads\pure13.0.2.558DE_4340.exe
2013-06-15 18:29 - 2013-06-15 18:33 - 00000000 ____D C:\Users\OryxMortis\Desktop\Rap
2013-06-15 18:13 - 2013-06-15 18:35 - 00000000 ____D C:\Users\OryxMortis\Desktop\Chillout
2013-06-15 14:09 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 14:09 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 14:09 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 14:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 14:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 09:39 - 2013-06-15 09:59 - 00002193 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (2).txt
2013-06-14 01:10 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-14 01:10 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 01:10 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 01:10 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 01:10 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-14 01:10 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 16:41 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 16:36 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 16:36 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 16:36 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 16:36 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 16:36 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 16:36 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 16:36 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 16:36 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 16:36 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 16:36 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 16:36 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 16:36 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 16:36 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 16:36 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 16:36 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 22:31 - 2013-06-09 23:00 - 00000000 ____D C:\Users\OryxMortis\Desktop\Skilltree
2013-06-09 21:27 - 2013-06-09 21:27 - 00000000 ____D C:\Program Files (x86)\Graphviz 2.28
2013-06-09 21:25 - 2013-06-09 21:27 - 60429312 ____A C:\Users\OryxMortis\Downloads\graphviz-2.28.0.msi
2013-06-09 21:10 - 2013-06-09 21:16 - 00000000 ____D C:\Users\OryxMortis\.freemind
2013-06-09 21:10 - 2013-06-09 21:10 - 13655880 ____A ( ) C:\Users\OryxMortis\Downloads\FreeMind-Windows-Installer-0.9.0-max.exe
2013-06-09 21:10 - 2013-06-09 21:10 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-06-09 20:12 - 2013-06-10 00:41 - 00018513 ____A C:\Users\OryxMortis\Desktop\Ravenloft.odt
2013-06-08 01:47 - 2013-06-08 01:47 - 00000052 ____A C:\Users\OryxMortis\Desktop\tschuess.bat
2013-06-07 23:49 - 2013-06-07 23:52 - 00000000 ____D C:\Users\OryxMortis\Desktop\Battlefield Vietnam
2013-06-03 22:14 - 2013-06-03 22:22 - 681181264 ____A C:\Users\OryxMortis\Downloads\qt-windows-opensource-5.0.2-mingw47_32-x86-offline.exe
2013-06-03 00:58 - 2013-06-03 00:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-06-02 23:34 - 2013-06-02 23:34 - 00000000 ____D C:\Users\OryxMortis\Desktop\Bewerbung
2013-06-01 10:16 - 2013-06-01 10:18 - 00000000 ____D C:\stuff
2013-05-26 03:29 - 2013-05-26 03:31 - 00000000 ___AD C:\Users\OryxMortis\Desktop\Serious Sam II
2013-05-25 23:34 - 2013-05-25 23:34 - 00000000 ____A C:\Users\OryxMortis\Documents\Neues Textdokument (5).txt
2013-05-25 22:04 - 2013-05-25 22:04 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband Savegames
2013-05-25 22:04 - 2012-05-21 16:01 - 06518272 ____A ( Taleworlds Entertainment) C:\Users\OryxMortis\Desktop\mb_warband.exe
2013-05-25 22:00 - 2013-05-25 23:13 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk
2013-05-25 21:59 - 2013-05-25 23:14 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband
2013-05-25 21:59 - 2013-05-25 22:05 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2013-05-25 21:58 - 2013-05-25 21:53 - 615036714 ____A C:\mb_warband_setup_1153(1).exe
2013-05-25 21:40 - 2013-05-25 21:40 - 00075264 ____A C:\Windows\SysWOW64\Drivers\SSHDRV79.sys
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\UpdatusUser\Desktop\Sacred.lnk
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\OryxMortis\Desktop\Sacred.lnk
2013-05-25 21:14 - 2013-05-25 21:14 - 00000000 ____D C:\Program Files (x86)\Ascaron Entertainment
2013-05-25 21:12 - 2013-06-13 20:39 - 00000000 ____D C:\Users\OryxMortis\Desktop\mbwCrack
2013-05-25 21:11 - 2013-05-25 21:11 - 02343582 ____A C:\Users\OryxMortis\Downloads\mbwCrack.rar
2013-05-25 21:07 - 2013-05-25 21:07 - 07032832 ____A C:\Users\OryxMortis\Downloads\PathOfExileInstaller.msi
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\Documents\Empire Earth II
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Sierra
2013-05-25 19:40 - 2013-05-25 19:40 - 00000000 ____D C:\Program Files (x86)\The Games Company
2013-05-25 10:21 - 2013-05-25 10:21 - 00000000 ____D C:\Users\OryxMortis\Documents\NeocoreGames
2013-05-25 09:47 - 2013-05-25 09:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-24 23:21 - 2013-05-25 01:23 - 313856613 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part2.rar.part
2013-05-24 23:16 - 2013-05-24 23:16 - 00000222 ____A C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url
2013-05-24 18:34 - 2013-05-24 22:35 - 472907776 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part1.rar
2013-05-24 18:31 - 2013-05-24 18:35 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-24 18:31 - 2013-05-24 18:31 - 00002037 ____A C:\Users\OryxMortis\Desktop\JDownloader.lnk
2013-05-24 18:30 - 2013-06-16 10:49 - 00000404 ____A C:\Windows\Tasks\Lyrics Fan Update.job
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\FindLyrics
2013-05-24 18:29 - 2013-05-24 18:29 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\OryxMortis\Downloads\WebInstaller.exe
2013-05-24 18:28 - 2013-05-24 18:28 - 00001476 ____A C:\Users\OryxMortis\Downloads\55cm88r8035u3u3.dlc
2013-05-24 18:09 - 2013-06-09 20:47 - 00000000 ____D C:\Users\OryxMortis\Desktop\nevv
2013-05-24 16:29 - 2013-05-24 16:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-05-24 16:28 - 2013-05-24 16:28 - 20804736 ____A C:\Users\OryxMortis\Downloads\WIZ_setup.exe
2013-05-22 18:26 - 2013-05-22 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 17:59 - 2013-05-20 22:14 - 00000483 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument.txt
2013-05-20 10:30 - 2013-05-20 10:38 - 00000000 ____D C:\Users\OryxMortis\Desktop\Musik
2013-05-20 10:22 - 2013-05-20 10:22 - 13386816 ____A C:\Users\OryxMortis\Downloads\BeautyOfBooks.themepack
2013-05-20 10:22 - 2013-05-20 10:22 - 11321597 ____A C:\Users\OryxMortis\Downloads\EchoesOfThePast.themepack
2013-05-19 21:36 - 2013-05-19 21:42 - 00000328 ____A C:\Users\OryxMortis\Desktop\Selfmade.txt
2013-05-19 20:49 - 2013-05-19 20:51 - 00000000 ____D C:\Wallpapes
2013-05-19 20:45 - 2013-05-19 20:45 - 00000000 ____D C:\Users\OryxMortis\Downloads\Nature5
2013-05-19 20:44 - 2013-05-19 20:44 - 00170279 ____A C:\Users\OryxMortis\Downloads\dreamscene_win7_64.zip
2013-05-19 20:44 - 2013-05-19 20:44 - 00000000 ____D C:\Users\OryxMortis\Downloads\dreamscene_win7_64
2013-05-19 20:43 - 2013-05-19 20:43 - 19732160 ____A C:\Users\OryxMortis\Downloads\Fantasy_View.zip
2013-05-19 20:41 - 2013-05-19 20:42 - 24319264 ____A C:\Users\OryxMortis\Downloads\Highnoon_Falls.zip
2013-05-19 20:40 - 2013-05-19 20:41 - 43299520 ____A C:\Users\OryxMortis\Downloads\Moon_View.zip
2013-05-19 20:40 - 2013-05-19 20:41 - 22601058 ____A C:\Users\OryxMortis\Downloads\Wormhole.zip
2013-05-19 20:40 - 2013-05-19 20:40 - 01866848 ____A C:\Users\OryxMortis\Downloads\Nature5.zip
2013-05-19 20:31 - 2013-05-19 20:31 - 00761633 ____A C:\Users\OryxMortis\Downloads\1368988246_lonely_bench_w1.jpeg
2013-05-19 19:02 - 2013-05-19 19:02 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Chromium
2013-05-19 17:40 - 2013-05-24 16:34 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-19 17:40 - 2013-05-24 16:32 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-19 17:40 - 2013-05-19 17:40 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Funcom
==================== One Month Modified Files and Folders =======
2013-06-16 12:19 - 2013-06-16 12:19 - 01920546 ____A (Farbar) C:\Users\OryxMortis\Downloads\FRST64.exe
2013-06-16 12:19 - 2013-06-16 12:19 - 00000000 ____D C:\FRST
2013-06-16 12:08 - 2013-06-16 12:08 - 00006919 ____A C:\Users\OryxMortis\Desktop\GMER.log
2013-06-16 12:08 - 2013-06-16 12:01 - 00104112 ____A C:\Users\OryxMortis\Downloads\OTL.Txt
2013-06-16 12:04 - 2013-06-16 12:04 - 00377856 ____A C:\Users\OryxMortis\Downloads\gmer_2.1.19163.exe
2013-06-16 12:02 - 2013-06-16 12:02 - 00099194 ____A C:\Users\OryxMortis\Downloads\Extras.Txt
2013-06-16 11:56 - 2013-06-16 11:56 - 00602112 ____A (OldTimer Tools) C:\Users\OryxMortis\Downloads\OTL.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00050477 ____A C:\Users\OryxMortis\Downloads\Defogger.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00000482 ____A C:\Users\OryxMortis\Downloads\defogger_disable.log
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____A C:\Users\OryxMortis\defogger_reenable
2013-06-16 11:55 - 2012-12-19 20:08 - 00000000 ___AD C:\users\OryxMortis
2013-06-16 11:45 - 2013-06-16 10:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-16 11:32 - 2013-04-15 19:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 11:21 - 2013-01-03 05:19 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\CrashDumps
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092033.log
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092007.log
2013-06-16 11:20 - 2012-12-19 21:27 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\PMB Files
2013-06-16 11:19 - 2013-06-16 11:19 - 00916072 ____A (F-Secure Corporation) C:\Users\OryxMortis\Downloads\fsbl1067.exe
2013-06-16 10:59 - 2013-04-12 13:34 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-16 10:59 - 2013-04-12 13:34 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Skype
2013-06-16 10:59 - 2013-04-12 13:34 - 00000000 ____D C:\ProgramData\Skype
2013-06-16 10:57 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 10:57 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 10:55 - 2011-04-12 09:43 - 00765264 ____A C:\Windows\System32\perfh007.dat
2013-06-16 10:55 - 2011-04-12 09:43 - 00174494 ____A C:\Windows\System32\perfc007.dat
2013-06-16 10:55 - 2009-07-14 07:13 - 01806010 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 10:53 - 2012-12-19 20:08 - 01671810 ____A C:\Windows\WindowsUpdate.log
2013-06-16 10:52 - 2013-06-16 10:52 - 00002216 ____A C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00001078 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00000000 ____D C:\Windows\ELAMBKUP
2013-06-16 10:50 - 2013-06-16 10:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-16 10:49 - 2013-06-16 10:49 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-06-16 10:49 - 2013-05-24 18:30 - 00000404 ____A C:\Windows\Tasks\Lyrics Fan Update.job
2013-06-16 10:49 - 2013-05-02 18:23 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\LogMeIn Hamachi
2013-06-16 10:49 - 2012-12-19 20:42 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-16 10:49 - 2012-12-19 20:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-16 10:49 - 2012-12-19 20:17 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-06-16 10:49 - 2010-11-21 05:47 - 02936278 ____A C:\Windows\PFRO.log
2013-06-16 10:49 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 10:49 - 2009-07-14 06:51 - 00023967 ____A C:\Windows\setupact.log
2013-06-16 10:46 - 2012-12-19 20:21 - 00000306 _RASH C:\ProgramData\ntuser.pol
2013-06-16 10:46 - 2012-12-19 20:21 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-16 10:43 - 2013-06-16 10:12 - 188740896 ____A (Kaspersky Lab) C:\Users\OryxMortis\Downloads\pure13.0.2.558DE_4340.exe
2013-06-16 10:35 - 2012-12-19 21:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-15 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 18:35 - 2013-06-15 18:13 - 00000000 ____D C:\Users\OryxMortis\Desktop\Chillout
2013-06-15 18:33 - 2013-06-15 18:29 - 00000000 ____D C:\Users\OryxMortis\Desktop\Rap
2013-06-15 09:59 - 2013-06-15 09:39 - 00002193 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (2).txt
2013-06-13 20:39 - 2013-05-25 21:12 - 00000000 ____D C:\Users\OryxMortis\Desktop\mbwCrack
2013-06-12 21:33 - 2012-12-19 20:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 21:33 - 2012-12-19 20:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 11:40 - 2013-03-19 20:57 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Paint.NET
2013-06-10 00:41 - 2013-06-09 20:12 - 00018513 ____A C:\Users\OryxMortis\Desktop\Ravenloft.odt
2013-06-10 00:40 - 2013-03-08 00:58 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\QtProject
2013-06-09 23:00 - 2013-06-09 22:31 - 00000000 ____D C:\Users\OryxMortis\Desktop\Skilltree
2013-06-09 21:27 - 2013-06-09 21:27 - 00000000 ____D C:\Program Files (x86)\Graphviz 2.28
2013-06-09 21:27 - 2013-06-09 21:25 - 60429312 ____A C:\Users\OryxMortis\Downloads\graphviz-2.28.0.msi
2013-06-09 21:16 - 2013-06-09 21:10 - 00000000 ____D C:\Users\OryxMortis\.freemind
2013-06-09 21:10 - 2013-06-09 21:10 - 13655880 ____A ( ) C:\Users\OryxMortis\Downloads\FreeMind-Windows-Installer-0.9.0-max.exe
2013-06-09 21:10 - 2013-06-09 21:10 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-06-09 20:47 - 2013-05-24 18:09 - 00000000 ____D C:\Users\OryxMortis\Desktop\nevv
2013-06-08 16:08 - 2013-06-15 14:09 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 14:09 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 14:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 14:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 14:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 01:47 - 2013-06-08 01:47 - 00000052 ____A C:\Users\OryxMortis\Desktop\tschuess.bat
2013-06-07 23:57 - 2012-12-19 20:08 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\VirtualStore
2013-06-07 23:52 - 2013-06-07 23:49 - 00000000 ____D C:\Users\OryxMortis\Desktop\Battlefield Vietnam
2013-06-06 16:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-03 22:22 - 2013-06-03 22:14 - 681181264 ____A C:\Users\OryxMortis\Downloads\qt-windows-opensource-5.0.2-mingw47_32-x86-offline.exe
2013-06-03 00:58 - 2013-06-03 00:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-06-02 23:34 - 2013-06-02 23:34 - 00000000 ____D C:\Users\OryxMortis\Desktop\Bewerbung
2013-06-01 10:18 - 2013-06-01 10:16 - 00000000 ____D C:\stuff
2013-05-27 01:16 - 2013-02-06 18:57 - 01779354 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-26 03:31 - 2013-05-26 03:29 - 00000000 ___AD C:\Users\OryxMortis\Desktop\Serious Sam II
2013-05-25 23:34 - 2013-05-25 23:34 - 00000000 ____A C:\Users\OryxMortis\Documents\Neues Textdokument (5).txt
2013-05-25 23:14 - 2013-05-25 21:59 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband
2013-05-25 23:13 - 2013-05-25 22:00 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband
2013-05-25 22:05 - 2013-05-25 21:59 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2013-05-25 22:04 - 2013-05-25 22:04 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband Savegames
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk
2013-05-25 21:53 - 2013-05-25 21:58 - 615036714 ____A C:\mb_warband_setup_1153(1).exe
2013-05-25 21:40 - 2013-05-25 21:40 - 00075264 ____A C:\Windows\SysWOW64\Drivers\SSHDRV79.sys
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\UpdatusUser\Desktop\Sacred.lnk
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\OryxMortis\Desktop\Sacred.lnk
2013-05-25 21:14 - 2013-05-25 21:14 - 00000000 ____D C:\Program Files (x86)\Ascaron Entertainment
2013-05-25 21:11 - 2013-05-25 21:11 - 02343582 ____A C:\Users\OryxMortis\Downloads\mbwCrack.rar
2013-05-25 21:07 - 2013-05-25 21:07 - 07032832 ____A C:\Users\OryxMortis\Downloads\PathOfExileInstaller.msi
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\Documents\Empire Earth II
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Sierra
2013-05-25 19:55 - 2012-12-19 20:33 - 00082896 ____A C:\Windows\DirectX.log
2013-05-25 19:40 - 2013-05-25 19:40 - 00000000 ____D C:\Program Files (x86)\The Games Company
2013-05-25 10:21 - 2013-05-25 10:21 - 00000000 ____D C:\Users\OryxMortis\Documents\NeocoreGames
2013-05-25 09:47 - 2013-05-25 09:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-25 01:23 - 2013-05-24 23:21 - 313856613 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part2.rar.part
2013-05-24 23:16 - 2013-05-24 23:16 - 00000222 ____A C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url
2013-05-24 22:35 - 2013-05-24 18:34 - 472907776 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part1.rar
2013-05-24 18:35 - 2013-05-24 18:31 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-24 18:31 - 2013-05-24 18:31 - 00002037 ____A C:\Users\OryxMortis\Desktop\JDownloader.lnk
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\FindLyrics
2013-05-24 18:29 - 2013-05-24 18:29 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\OryxMortis\Downloads\WebInstaller.exe
2013-05-24 18:28 - 2013-05-24 18:28 - 00001476 ____A C:\Users\OryxMortis\Downloads\55cm88r8035u3u3.dlc
2013-05-24 16:34 - 2013-05-19 17:40 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-24 16:32 - 2013-05-19 17:40 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-24 16:29 - 2013-05-24 16:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-05-24 16:28 - 2013-05-24 16:28 - 20804736 ____A C:\Users\OryxMortis\Downloads\WIZ_setup.exe
2013-05-23 16:17 - 2012-12-19 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 18:26 - 2013-05-22 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 22:14 - 2013-05-20 17:59 - 00000483 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument.txt
2013-05-20 10:38 - 2013-05-20 10:30 - 00000000 ____D C:\Users\OryxMortis\Desktop\Musik
2013-05-20 10:22 - 2013-05-20 10:22 - 13386816 ____A C:\Users\OryxMortis\Downloads\BeautyOfBooks.themepack
2013-05-20 10:22 - 2013-05-20 10:22 - 11321597 ____A C:\Users\OryxMortis\Downloads\EchoesOfThePast.themepack
2013-05-19 21:42 - 2013-05-19 21:36 - 00000328 ____A C:\Users\OryxMortis\Desktop\Selfmade.txt
2013-05-19 20:51 - 2013-05-19 20:49 - 00000000 ____D C:\Wallpapes
2013-05-19 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2013-05-19 20:45 - 2013-05-19 20:45 - 00000000 ____D C:\Users\OryxMortis\Downloads\Nature5
2013-05-19 20:44 - 2013-05-19 20:44 - 00170279 ____A C:\Users\OryxMortis\Downloads\dreamscene_win7_64.zip
2013-05-19 20:44 - 2013-05-19 20:44 - 00000000 ____D C:\Users\OryxMortis\Downloads\dreamscene_win7_64
2013-05-19 20:43 - 2013-05-19 20:43 - 19732160 ____A C:\Users\OryxMortis\Downloads\Fantasy_View.zip
2013-05-19 20:42 - 2013-05-19 20:41 - 24319264 ____A C:\Users\OryxMortis\Downloads\Highnoon_Falls.zip
2013-05-19 20:41 - 2013-05-19 20:40 - 43299520 ____A C:\Users\OryxMortis\Downloads\Moon_View.zip
2013-05-19 20:41 - 2013-05-19 20:40 - 22601058 ____A C:\Users\OryxMortis\Downloads\Wormhole.zip
2013-05-19 20:40 - 2013-05-19 20:40 - 01866848 ____A C:\Users\OryxMortis\Downloads\Nature5.zip
2013-05-19 20:31 - 2013-05-19 20:31 - 00761633 ____A C:\Users\OryxMortis\Downloads\1368988246_lonely_bench_w1.jpeg
2013-05-19 19:02 - 2013-05-19 19:02 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Chromium
2013-05-19 17:40 - 2013-05-19 17:40 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Funcom
2013-05-17 03:25 - 2013-06-14 01:10 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 03:25 - 2013-06-14 01:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 02:59 - 2013-06-14 01:10 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 02:59 - 2013-06-14 01:10 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 02:58 - 2013-06-14 01:10 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 02:58 - 2013-06-14 01:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 18:39
==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by OryxMortis at 2013-06-16 12:20:13 Run:
Running from C:\Users\OryxMortis\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Acrobat XI Pro (Version: 11.0.01)
Adobe AIR (Version: 3.5.0.880)
Adobe Download Assistant (Version: 1.2.3)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI - Deutsch (Version: 11.0.00)
Age of Conan: Unchained - EU version
Aptana Studio 3 (Version: 3.0.1)
Assassin's Creed (R) III (Version: 1.01)
Audacity 2.0.3 (Version: 2.0.3)
Avidemux 2.6 (32-bit) (Version: 2.6.3.8518)
Blender (Version: 2.65a-release)
Call of Duty: Black Ops - Multiplayer
CodeBlocks (Version: 12.11)
CopperCube 4.0.1 (remove only)
D3DX10 (Version: 15.4.2368.0902)
Diablo II
Diablo III (Version: 1.0.6.13644)
Dragon Age: Origins (Version: 1.00)
Dungeon Siege 2
Empire Earth Ultimate Edition (Version: 1.0)
Fotogalerie (Version: 16.4.3505.0912)
Free YouTube Download version 3.2.1.320 (Version: 3.2.1.320)
FreeMind (Version: 0.9.0)
GIMP 2.8.2 (Version: 2.8.2)
Graphviz 2.28 (Version: 2.28.0)
GTK+ 3.4.2 Bundle
GUILD WARS
Guild Wars 2
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2565057) (Version: 1)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (Version: 1)
ICQ 8.0 (build 5977, für aktuellen Benutzer) (Version: 8.0.5977.0)
Intel(R) Management Engine Components (Version: 8.0.10.1464)
Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1083.0)
Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.225)
Intel® Trusted Connect Service Client (Version: 1.23.943.1)
Java 7 Update 11 (Version: 7.0.110)
Java 7 Update 13 (64-bit) (Version: 7.0.130)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)
JDownloader 0.9 (Version: 0.9)
KaloMa 4.72
Kaspersky PURE 3.0 (Version: 13.0.2.558)
League of Legends (Version: 1.3)
LogMeIn Hamachi (Version: 2.1.0.362)
Lyrics Fan
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Mount&Blade Warband
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Native Instruments Audio 2 DJ Driver (Version: 3.0.3.696)
Native Instruments Controller Editor (Version: 1.5.2.1142)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Traktor 2 (Version: 2.6.0.14627)
Native Instruments Traktor Audio 2 Driver (Version: 3.0.3.696)
NVIDIA 3D Vision Controller-Treiber 306.38 (Version: 306.38)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.0807)
NVIDIA PhysX-Systemsoftware 9.12.0807 (Version: 9.12.0807)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.6.0.8)
Path of Exile (Version: 0.9.13.22054)
PDF24 Creator 5.4.0
Photo Gallery (Version: 16.4.3505.0912)
Power Tab Editor 1.7 (Version: 1.7.0)
PoxNora
PunkBuster Services (Version: 0.991)
Python 3.3.0 (64-bit) (Version: 3.3.150)
Qt 5.0.1 (Version: 5.0.1)
RCRN v3.6 - Steam Workshop Optimized
Realtek Ethernet Controller Driver (Version: 7.53.216.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6631)
REAPER (x64)
Ruby 1.9.3-p385 (Version: 1.9.3-p385)
Sacred
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Skype™ 6.3 (Version: 6.3.105)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Star Wars(TM): Knights of the Old Republic (TM)
Steam (Version: 1.0.0.0)
Super-Charger (Version: 1.2.010)
The Elder Scrolls V: Skyrim
The Incredible Adventures of Van Helsing
Torchlight II
Unity (Version: )
Unity Web Player (Version: )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Uplay (Version: 2.0)
WAV To MP3 V2
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Winki (Version: 3.2.123)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Wizardry Online (Version: 1.0.3.183)
World of Warcraft (Version: 5.2.0.16826)
wxWidgets 2.8.12
==================== Restore Points =========================
09-06-2013 09:28:49 Geplanter Prüfpunkt
09-06-2013 19:27:24 Installed Graphviz 2.28
13-06-2013 23:09:52 Windows Update
15-06-2013 12:08:47 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2013 11:20:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: fsbl1067.exe, Version: 2.2.1067.0, Zeitstempel: 0x47039cee
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d00f5
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xfsbl1067.exe0
Pfad der fehlerhaften Anwendung: fsbl1067.exe1
Pfad des fehlerhaften Moduls: fsbl1067.exe2
Berichtskennung: fsbl1067.exe3
Error: (06/16/2013 11:20:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: fsbl1067.exe, Version: 2.2.1067.0, Zeitstempel: 0x47039cee
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d00f5
ID des fehlerhaften Prozesses: 0x8d4
Startzeit der fehlerhaften Anwendung: 0xfsbl1067.exe0
Pfad der fehlerhaften Anwendung: fsbl1067.exe1
Pfad des fehlerhaften Moduls: fsbl1067.exe2
Berichtskennung: fsbl1067.exe3
Error: (06/16/2013 10:50:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2013 10:49:16 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (06/16/2013 08:15:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2013 08:13:52 AM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (06/16/2013 02:13:38 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/16/2013 02:13:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/15/2013 08:49:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/15/2013 08:49:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (06/16/2013 10:52:31 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JONAS-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0411C608-E4C9-452D-A48E-04039EB38100}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (06/16/2013 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/16/2013 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/16/2013 10:48:56 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\SSHDRV79.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/16/2013 08:16:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/16/2013 08:16:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/16/2013 08:13:37 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\SSHDRV79.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/16/2013 02:13:51 AM) (Source: DCOM) (User: )
Description: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}
Error: (06/16/2013 02:13:31 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (06/15/2013 05:46:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (06/16/2013 11:20:33 AM) (Source: Application Error)(User: )
Description: fsbl1067.exe2.2.1067.047039ceeunknown0.0.0.000000000c0000005000d00f5169401ce6a72bfe56ef9C:\Users\OryxMortis\Downloads\fsbl1067.exeunknownfec1b454-d665-11e2-8844-d43d7e05fe6c
Error: (06/16/2013 11:20:08 AM) (Source: Application Error)(User: )
Description: fsbl1067.exe2.2.1067.047039ceeunknown0.0.0.000000000c0000005000d00f58d401ce6a72b00972a6C:\Users\OryxMortis\Downloads\fsbl1067.exeunknownef6c2809-d665-11e2-8844-d43d7e05fe6c
Error: (06/16/2013 10:50:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2013 10:49:16 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (06/16/2013 08:15:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2013 08:13:52 AM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (06/16/2013 02:13:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Graphviz 2.28\bin\testapp.exe
Error: (06/16/2013 02:13:33 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Graphviz 2.28\bin\smyrna.exe
Error: (06/15/2013 08:49:36 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Graphviz 2.28\bin\testapp.exe
Error: (06/15/2013 08:49:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Graphviz 2.28\bin\smyrna.exe
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 8141.57 MB
Available physical RAM: 5488.8 MB
Total Pagefile: 16281.32 MB
Available Pagefile: 13172.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:155.71 GB) NTFS (Disk=0 Partition=2)
Drive d: (EC_101999) (CDROM) (Total:7.63 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 87BF19E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.06.2013, 11:45
| #4 | |
| /// the machine /// TB-Ausbilder | Hohe Pings, langsames Streaming und keinen Schimmer woher.Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.06.2013, 12:13
| #5 |
| | Hohe Pings, langsames Streaming und keinen Schimmer woher. Die hätte ich jetzt auch ^^ : Code:
ATTFilter ComboFix 13-06-15.01 - OryxMortis 16.06.2013 13:01:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8142.5275 [GMT 2:00]
ausgeführt von:: c:\users\OryxMortis\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\DreamScene.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 ))))))))))))))))))))))))))))))
.
.
2013-06-16 11:06 . 2013-06-16 11:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-16 11:06 . 2013-06-16 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-16 10:19 . 2013-06-16 10:19 -------- d-----w- C:\FRST
2013-06-16 08:51 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-06-16 08:51 . 2011-06-02 12:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-06-16 08:51 . 2013-06-16 08:51 -------- dc----w- c:\windows\system32\DRVSTORE
2013-06-16 08:51 . 2011-06-02 12:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-06-16 08:51 . 2013-06-16 08:51 -------- d-----w- c:\windows\ELAMBKUP
2013-06-16 08:50 . 2013-06-16 08:50 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2013-06-16 08:50 . 2013-06-16 09:45 -------- d-----w- c:\programdata\Kaspersky Lab
2013-06-16 08:50 . 2013-06-16 08:50 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-06-16 08:50 . 2012-11-02 13:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-06-16 08:50 . 2012-11-02 13:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-06-16 08:49 . 2013-06-16 08:49 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-06-13 23:10 . 2013-05-17 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-13 14:41 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-09 19:27 . 2013-06-09 19:27 -------- d-----w- c:\program files (x86)\Graphviz 2.28
2013-06-09 19:10 . 2013-06-09 19:16 -------- d-----w- c:\users\OryxMortis\.freemind
2013-06-09 19:10 . 2013-06-09 19:10 -------- d-----w- c:\program files (x86)\FreeMind
2013-06-02 22:58 . 2013-06-02 22:58 -------- d-----w- c:\programdata\Hewlett-Packard
2013-06-02 22:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2013-06-01 08:16 . 2013-06-01 08:18 -------- d-----w- C:\stuff
2013-05-25 20:00 . 2013-05-25 21:13 -------- d-----w- c:\users\OryxMortis\AppData\Roaming\Mount&Blade Warband
2013-05-25 19:59 . 2013-05-25 20:05 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2013-05-25 19:58 . 2013-05-25 19:53 615036714 ----a-w- C:\mb_warband_setup_1153(1).exe
2013-05-25 19:40 . 2013-05-25 19:40 75264 ----a-w- c:\windows\SysWow64\drivers\SSHDRV79.sys
2013-05-25 19:14 . 2013-05-25 19:14 -------- d-----w- c:\program files (x86)\Ascaron Entertainment
2013-05-25 18:56 . 2013-05-25 18:56 -------- d-----w- c:\users\OryxMortis\AppData\Roaming\Sierra
2013-05-25 17:40 . 2013-05-25 17:40 -------- d-----w- c:\program files (x86)\The Games Company
2013-05-25 07:47 . 2013-05-25 07:47 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-24 16:31 . 2013-05-24 16:35 -------- d-----w- c:\program files (x86)\JDownloader
2013-05-24 16:30 . 2013-05-24 16:30 -------- d-----w- c:\program files (x86)\LyricsFan
2013-05-24 16:30 . 2013-05-24 16:30 -------- d-----w- c:\program files (x86)\FindLyrics
2013-05-24 14:29 . 2013-05-24 14:29 -------- d-----w- c:\users\Public\Sony Online Entertainment
2013-05-19 18:49 . 2013-05-19 18:51 -------- d-----w- C:\Wallpapes
2013-05-19 18:48 . 2008-11-05 04:30 16180 ----a-w- c:\windows\system\Dscene.reg
2013-05-19 17:02 . 2013-05-19 17:02 -------- d-----w- c:\users\OryxMortis\AppData\Local\Chromium
2013-05-19 15:40 . 2013-05-19 15:40 -------- d-----w- c:\users\OryxMortis\AppData\Local\Funcom
2013-05-19 15:40 . 2013-05-24 14:32 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-16 08:49 . 2012-12-19 18:17 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-06-12 19:33 . 2012-12-19 18:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:33 . 2012-12-19 18:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 08:06 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-21 22:50 . 2013-04-21 22:50 121856 ----a-w- c:\windows\xmllite.dll
2013-04-14 23:36 . 2013-02-08 13:25 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2013-04-13 05:49 . 2013-05-14 17:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 17:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 17:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 17:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 17:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 17:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 22:25 . 2013-04-12 22:25 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2013-04-12 14:45 . 2013-04-24 14:18 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 17:09 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 17:09 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 17:09 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 01:01 . 2013-04-02 01:01 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 01:01 . 2013-04-02 01:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 01:01 . 2013-04-02 01:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 01:01 . 2013-04-02 01:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 01:01 . 2013-04-02 01:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 01:01 . 2013-04-02 01:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 01:01 . 2013-04-02 01:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 01:01 . 2013-04-02 01:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 01:01 . 2013-04-02 01:01 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 01:01 . 2013-04-02 01:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 01:01 . 2013-04-02 01:01 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 01:01 . 2013-04-02 01:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 01:01 . 2013-04-02 01:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 01:01 . 2013-04-02 01:01 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 01:01 . 2013-04-02 01:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 01:01 . 2013-04-02 01:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 01:01 . 2013-04-02 01:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 01:01 . 2013-04-02 01:01 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 01:01 . 2013-04-02 01:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 01:01 . 2013-04-02 01:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 01:01 . 2013-04-02 01:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 01:01 . 2013-04-02 01:01 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 01:01 . 2013-04-02 01:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 01:01 . 2013-04-02 01:01 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 01:01 . 2013-04-02 01:01 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 01:01 . 2013-04-02 01:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 01:01 . 2013-04-02 01:01 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 01:01 . 2013-04-02 01:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 01:01 . 2013-04-02 01:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 01:01 . 2013-04-02 01:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 01:01 . 2013-04-02 01:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 01:01 . 2013-04-02 01:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 01:01 . 2013-04-02 01:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 01:01 . 2013-04-02 01:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 01:01 . 2013-04-02 01:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 01:01 . 2013-04-02 01:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 01:01 . 2013-04-02 01:01 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 01:01 . 2013-04-02 01:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 01:01 . 2013-04-02 01:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 01:01 . 2013-04-02 01:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 01:01 . 2013-04-02 01:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 01:01 . 2013-04-02 01:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 01:01 . 2013-04-02 01:01 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 01:01 . 2013-04-02 01:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 01:01 . 2013-04-02 01:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 01:01 . 2013-04-02 01:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 01:01 . 2013-04-02 01:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 01:01 . 2013-04-02 01:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 01:01 . 2013-04-02 01:01 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 20:23 . 2013-03-22 20:20 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2013-03-22 20:23 . 2013-03-22 20:20 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2013-03-22 20:23 . 2013-03-22 20:20 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2013-03-22 19:55 . 2013-03-22 19:55 2829 ----a-w- c:\windows\DIIUnin.pif
2013-03-22 19:55 . 2013-03-22 19:55 102400 ----a-w- c:\windows\DIIUnin.exe
2013-03-19 06:04 . 2013-04-10 16:19 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-14 17:09 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-14 17:09 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 16:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 16:19 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 16:19 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 16:19 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 16:19 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A8720491-9558-4C0D-9E35-30EED15DFB2B}]
2013-06-03 12:08 127488 ----a-w- c:\program files (x86)\LyricsFan\lrcfan.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
"icq"="c:\users\OryxMortis\AppData\Roaming\ICQM\icq.exe" [2012-12-20 26596344]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-05-22 502328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys;c:\windows\SYSNATIVE\drivers\SSHDRV79.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 ta2avs;Traktor Audio 2 WDM Audio;c:\windows\system32\Drivers\ta2avs.sys;c:\windows\SYSNATIVE\Drivers\ta2avs.sys [x]
R3 ta2usb_svc;Traktor Audio 2;c:\windows\system32\Drivers\ta2usb.sys;c:\windows\SYSNATIVE\Drivers\ta2usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CSCRYSEC
*NewlyCreated* - CSVIRTUALDISKDRV
*NewlyCreated* - KL1
*NewlyCreated* - KLIF
*NewlyCreated* - KLIM6
*NewlyCreated* - KLTDI
*NewlyCreated* - KNEPS
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - PXDOYFOW
*Deregistered* - pxdoyfow
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 19:33]
.
2013-06-16 c:\windows\Tasks\Lyrics Fan Update.job
- c:\program files (x86)\LyricsFan\LyricsFanUpdater.exe [2013-06-03 12:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 16:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-05-08 6470760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-24 18:30; lrcfan@fansoft.br; c:\program files (x86)\LyricsFan\FF
FF - ExtSQL: 2013-06-16 10:50; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-06-16 10:51; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-06-16 10:51; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-06-16 10:51; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-06-16 10:51; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Pando Media Booster - c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-CopperCube 4.0.1 - c:\users\OryxMortis\Desktop\Irre\CopperCube 4.0.1\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-16 13:09:57
ComboFix-quarantined-files.txt 2013-06-16 11:09
.
Vor Suchlauf: 30 Verzeichnis(se), 168.844.517.376 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 170.012.348.416 Bytes frei
.
- - End Of File - - 33C32D86A14852780EC0A1BE071F08C3
A36C5E4F47E84449FF07ED3517B43A31
|
|
16.06.2013, 18:07
| #6 |
| /// the machine /// TB-Ausbilder | Hohe Pings, langsames Streaming und keinen Schimmer woher. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Logfile. Noch Probleme?
__________________ --> Hohe Pings, langsames Streaming und keinen Schimmer woher. |
|
19.06.2013, 21:19
| #7 |
| | Hohe Pings, langsames Streaming und keinen Schimmer woher. Das letzte Programm hat nicht funktioniert, Fehlermeldung bzgl Betriebssystem. Ich hatte Kompatiblitätsmodus und als Admin ausführn natürlich versucht. Hat nichts geholfen, hier die Logs: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6535ee6e46892247a47924dc06d014f5
# engine=14089
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-16 08:09:50
# local_time=2013-06-16 10:09:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 68819167 123043240 0 0
# scanned=329247
# found=0
# cleaned=0
# scan_time=7528
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 16/06/2013 um 19:45:51 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OryxMortis - ORYXMORTIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\OryxMortis\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\FindLyrics
Ordner Gelöscht : C:\Users\OryxMortis\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\OryxMortis\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\InstallCore
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\prefs.js
C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1302 octets] - [16/06/2013 19:45:51]
########## EOF - C:\AdwCleaner[S1].txt - [1362 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by OryxMortis on 16.06.2013 at 19:51:37,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\OryxMortis\AppData\Roaming\mozilla\firefox\profiles\ftecxqfy.default\minidumps [199 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.06.2013 at 19:54:33,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[CODE] FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 (ATTENTION: FRST version is 6 days old)
Ran by OryxMortis (administrator) on 19-06-2013 22:16:18
Running from C:\Users\OryxMortis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ICQ) C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6470760 2012-05-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [icq] C:\Users\OryxMortis\AppData\Roaming\ICQM\icq.exe -CU [26596344 2012-12-20] (ICQ)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [356968 2012-12-20] (Kaspersky Lab ZAO)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Lyrics Fan - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\Extensions\ich@maltegoetz.de
FF Extension: FireShot - C:\Users\OryxMortis\AppData\Roaming\Mozilla\Firefox\Profiles\ftecxqfy.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-20] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2012-11-02] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-10-18] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S1 SSHDRV79; C:\Windows\SysWow64\drivers\SSHDRV79.sys [75264 2013-05-25] ()
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [79952 2012-02-22] (Native Instruments GmbH)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-06-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S1 SSHDRV79; \??\C:\Windows\system32\drivers\SSHDRV79.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-19 22:13 - 2013-06-19 22:13 - 00049256 ____A C:\Users\OryxMortis\Desktop\FRSTNEU.txt
2013-06-19 22:11 - 2013-06-19 22:11 - 00609336 ____A C:\Users\OryxMortis\Downloads\setup.exe
2013-06-19 21:27 - 2013-06-19 21:29 - 00000000 ____D C:\Users\OryxMortis\Desktop\stuff
2013-06-19 21:27 - 2013-06-19 21:28 - 00000000 ____D C:\Users\OryxMortis\Desktop\Ablauf
2013-06-19 20:55 - 2013-06-19 21:15 - 00016147 ____A C:\Users\OryxMortis\Desktop\Musik Anne.odt
2013-06-19 20:12 - 2013-06-19 20:51 - 00001935 ____A C:\Users\OryxMortis\Desktop\Gedicht für Anne.txt
2013-06-19 19:41 - 2013-06-19 19:53 - 20938461 ____A C:\Users\OryxMortis\Downloads\clipFC509.wmv
2013-06-19 15:31 - 2013-06-19 15:31 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-06-19 00:56 - 2013-06-19 01:44 - 00013530 ____A C:\Users\OryxMortis\Desktop\Zeugnis.odt
2013-06-17 18:31 - 2013-06-17 18:31 - 00002164 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (5).txt
2013-06-16 22:25 - 2013-06-16 22:26 - 00000000 ____D C:\Users\OryxMortis\Desktop\Tabs
2013-06-16 22:22 - 2013-06-16 22:22 - 00007658 ____A C:\Users\OryxMortis\Downloads\WoW - Call to Arms.mid
2013-06-16 22:11 - 2013-06-16 22:11 - 00890839 ____A C:\Users\OryxMortis\Downloads\SecurityCheck.exe
2013-06-16 21:28 - 2013-06-16 23:53 - 00000035 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (4).txt
2013-06-16 19:57 - 2013-06-16 19:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-16 19:56 - 2013-06-16 19:57 - 02347384 ____A (ESET) C:\Users\OryxMortis\Desktop\esetsmartinstaller_enu.exe
2013-06-16 19:54 - 2013-06-16 19:55 - 00000768 ____A C:\Users\OryxMortis\Desktop\JRT.txt
2013-06-16 19:51 - 2013-06-16 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OryxMortis\Desktop\JRT.exe
2013-06-16 19:51 - 2013-06-16 19:51 - 00000000 ____D C:\Windows\ERUNT
2013-06-16 19:51 - 2013-06-16 19:51 - 00000000 ____D C:\JRT
2013-06-16 19:48 - 2013-06-16 19:48 - 00001431 ____A C:\Users\OryxMortis\Desktop\AdwCleaner[S1].txt
2013-06-16 19:45 - 2013-06-16 19:46 - 00001431 ____A C:\AdwCleaner[S1].txt
2013-06-16 19:44 - 2013-06-16 19:44 - 00648201 ____A C:\Users\OryxMortis\Desktop\adwcleaner.exe
2013-06-16 16:11 - 2013-06-16 16:14 - 00000144 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (3).txt
2013-06-16 13:09 - 2013-06-16 13:09 - 00028543 ____A C:\ComboFix.txt
2013-06-16 13:00 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-16 13:00 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-16 13:00 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-16 13:00 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-16 13:00 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-16 13:00 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-16 13:00 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-16 13:00 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-16 12:58 - 2013-06-16 13:09 - 00000000 ____D C:\Qoobox
2013-06-16 12:57 - 2013-06-16 13:09 - 00000000 ____D C:\Windows\erdnt
2013-06-16 12:55 - 2013-06-16 12:56 - 05080151 ____R (Swearware) C:\Users\OryxMortis\Desktop\ComboFix.exe
2013-06-16 12:20 - 2013-06-16 12:20 - 00046671 ____A C:\Users\OryxMortis\Desktop\FRST.txt
2013-06-16 12:20 - 2013-06-16 12:20 - 00018023 ____A C:\Users\OryxMortis\Downloads\Addition.txt
2013-06-16 12:20 - 2013-06-16 12:20 - 00018023 ____A C:\Users\OryxMortis\Desktop\Addition.txt
2013-06-16 12:19 - 2013-06-16 12:19 - 01920546 ____A (Farbar) C:\Users\OryxMortis\Downloads\FRST64.exe
2013-06-16 12:19 - 2013-06-16 12:19 - 00000000 ____D C:\FRST
2013-06-16 12:08 - 2013-06-16 12:08 - 00006919 ____A C:\Users\OryxMortis\Desktop\GMER.log
2013-06-16 12:04 - 2013-06-16 12:04 - 00377856 ____A C:\Users\OryxMortis\Downloads\gmer_2.1.19163.exe
2013-06-16 12:02 - 2013-06-16 12:02 - 00099194 ____A C:\Users\OryxMortis\Downloads\Extras.Txt
2013-06-16 12:01 - 2013-06-16 12:08 - 00104112 ____A C:\Users\OryxMortis\Downloads\OTL.Txt
2013-06-16 11:56 - 2013-06-16 11:56 - 00602112 ____A (OldTimer Tools) C:\Users\OryxMortis\Downloads\OTL.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00050477 ____A C:\Users\OryxMortis\Downloads\Defogger.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00000482 ____A C:\Users\OryxMortis\Downloads\defogger_disable.log
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____A C:\Users\OryxMortis\defogger_reenable
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092033.log
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092007.log
2013-06-16 11:19 - 2013-06-16 11:19 - 00916072 ____A (F-Secure Corporation) C:\Users\OryxMortis\Downloads\fsbl1067.exe
2013-06-16 10:52 - 2013-06-16 10:52 - 00002216 ____A C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00001078 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00000000 ____D C:\Windows\ELAMBKUP
2013-06-16 10:51 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-06-16 10:51 - 2011-06-02 14:39 - 00084536 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2013-06-16 10:51 - 2011-06-02 14:39 - 00066616 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2013-06-16 10:50 - 2013-06-19 21:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-16 10:50 - 2013-06-16 10:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-16 10:50 - 2012-11-02 15:48 - 00613720 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-06-16 10:50 - 2012-11-02 15:48 - 00089944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-06-16 10:12 - 2013-06-16 10:43 - 188740896 ____A (Kaspersky Lab) C:\Users\OryxMortis\Downloads\pure13.0.2.558DE_4340.exe
2013-06-15 18:29 - 2013-06-15 18:33 - 00000000 ____D C:\Users\OryxMortis\Desktop\Rap
2013-06-15 18:13 - 2013-06-15 18:35 - 00000000 ____D C:\Users\OryxMortis\Desktop\Chillout
2013-06-15 14:09 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 14:09 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 14:09 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 14:09 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 14:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 14:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 14:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 09:39 - 2013-06-18 01:22 - 00002164 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (2).txt
2013-06-14 01:10 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 01:10 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-14 01:10 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 01:10 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 01:10 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 01:10 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 01:10 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-14 01:10 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 16:41 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 16:36 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 16:36 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 16:36 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 16:36 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 16:36 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 16:36 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 16:36 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 16:36 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 16:36 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 16:36 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 16:36 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 16:36 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 16:36 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 16:36 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 16:36 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 16:36 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-09 22:31 - 2013-06-09 23:00 - 00000000 ____D C:\Users\OryxMortis\Desktop\Skilltree
2013-06-09 21:27 - 2013-06-09 21:27 - 00000000 ____D C:\Program Files (x86)\Graphviz 2.28
2013-06-09 21:25 - 2013-06-09 21:27 - 60429312 ____A C:\Users\OryxMortis\Downloads\graphviz-2.28.0.msi
2013-06-09 21:10 - 2013-06-09 21:16 - 00000000 ____D C:\Users\OryxMortis\.freemind
2013-06-09 21:10 - 2013-06-09 21:10 - 13655880 ____A ( ) C:\Users\OryxMortis\Downloads\FreeMind-Windows-Installer-0.9.0-max.exe
2013-06-09 21:10 - 2013-06-09 21:10 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-06-09 20:12 - 2013-06-10 00:41 - 00018513 ____A C:\Users\OryxMortis\Desktop\Ravenloft.odt
2013-06-08 01:47 - 2013-06-08 01:47 - 00000052 ____A C:\Users\OryxMortis\Desktop\tschuess.bat
2013-06-07 23:49 - 2013-06-07 23:52 - 00000000 ____D C:\Users\OryxMortis\Desktop\Battlefield Vietnam
2013-06-03 22:14 - 2013-06-03 22:22 - 681181264 ____A C:\Users\OryxMortis\Downloads\qt-windows-opensource-5.0.2-mingw47_32-x86-offline.exe
2013-06-03 00:58 - 2013-06-03 00:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-06-02 23:34 - 2013-06-02 23:34 - 00000000 ____D C:\Users\OryxMortis\Desktop\Bewerbung
2013-06-01 10:16 - 2013-06-01 10:18 - 00000000 ____D C:\stuff
2013-05-26 03:29 - 2013-05-26 03:31 - 00000000 ___AD C:\Users\OryxMortis\Desktop\Serious Sam II
2013-05-25 23:34 - 2013-05-25 23:34 - 00000000 ____A C:\Users\OryxMortis\Documents\Neues Textdokument (5).txt
2013-05-25 22:04 - 2013-05-25 22:04 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband Savegames
2013-05-25 22:04 - 2012-05-21 16:01 - 06518272 ____A ( Taleworlds Entertainment) C:\Users\OryxMortis\Desktop\mb_warband.exe
2013-05-25 22:00 - 2013-05-25 23:13 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk
2013-05-25 21:59 - 2013-05-25 23:14 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband
2013-05-25 21:59 - 2013-05-25 22:05 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2013-05-25 21:58 - 2013-05-25 21:53 - 615036714 ____A C:\mb_warband_setup_1153(1).exe
2013-05-25 21:40 - 2013-05-25 21:40 - 00075264 ____A C:\Windows\SysWOW64\Drivers\SSHDRV79.sys
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\UpdatusUser\Desktop\Sacred.lnk
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\OryxMortis\Desktop\Sacred.lnk
2013-05-25 21:14 - 2013-05-25 21:14 - 00000000 ____D C:\Program Files (x86)\Ascaron Entertainment
2013-05-25 21:12 - 2013-06-13 20:39 - 00000000 ____D C:\Users\OryxMortis\Desktop\mbwCrack
2013-05-25 21:11 - 2013-05-25 21:11 - 02343582 ____A C:\Users\OryxMortis\Downloads\mbwCrack.rar
2013-05-25 21:07 - 2013-05-25 21:07 - 07032832 ____A C:\Users\OryxMortis\Downloads\PathOfExileInstaller.msi
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\Documents\Empire Earth II
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Sierra
2013-05-25 19:40 - 2013-05-25 19:40 - 00000000 ____D C:\Program Files (x86)\The Games Company
2013-05-25 10:21 - 2013-05-25 10:21 - 00000000 ____D C:\Users\OryxMortis\Documents\NeocoreGames
2013-05-25 09:47 - 2013-05-25 09:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-24 23:21 - 2013-05-25 01:23 - 313856613 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part2.rar.part
2013-05-24 23:16 - 2013-05-24 23:16 - 00000222 ____A C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url
2013-05-24 18:34 - 2013-05-24 22:35 - 472907776 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part1.rar
2013-05-24 18:31 - 2013-05-24 18:35 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-24 18:31 - 2013-05-24 18:31 - 00002037 ____A C:\Users\OryxMortis\Desktop\JDownloader.lnk
2013-05-24 18:30 - 2013-06-19 16:03 - 00000404 ____A C:\Windows\Tasks\Lyrics Fan Update.job
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-05-24 18:29 - 2013-05-24 18:29 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\OryxMortis\Downloads\WebInstaller.exe
2013-05-24 18:28 - 2013-05-24 18:28 - 00001476 ____A C:\Users\OryxMortis\Downloads\55cm88r8035u3u3.dlc
2013-05-24 18:09 - 2013-06-09 20:47 - 00000000 ____D C:\Users\OryxMortis\Desktop\nevv
2013-05-24 16:29 - 2013-05-24 16:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-05-24 16:28 - 2013-05-24 16:28 - 20804736 ____A C:\Users\OryxMortis\Downloads\WIZ_setup.exe
2013-05-22 18:26 - 2013-05-22 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 17:59 - 2013-05-20 22:14 - 00000483 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument.txt
2013-05-20 10:30 - 2013-05-20 10:38 - 00000000 ____D C:\Users\OryxMortis\Desktop\Musik
2013-05-20 10:22 - 2013-05-20 10:22 - 13386816 ____A C:\Users\OryxMortis\Downloads\BeautyOfBooks.themepack
2013-05-20 10:22 - 2013-05-20 10:22 - 11321597 ____A C:\Users\OryxMortis\Downloads\EchoesOfThePast.themepack
==================== One Month Modified Files and Folders =======
2013-06-19 22:15 - 2013-05-02 18:23 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\LogMeIn Hamachi
2013-06-19 22:15 - 2013-04-12 13:34 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Skype
2013-06-19 22:13 - 2013-06-19 22:13 - 00049256 ____A C:\Users\OryxMortis\Desktop\FRSTNEU.txt
2013-06-19 22:11 - 2013-06-19 22:11 - 00609336 ____A C:\Users\OryxMortis\Downloads\setup.exe
2013-06-19 21:50 - 2013-06-16 10:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-19 21:32 - 2013-04-15 19:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 21:29 - 2013-06-19 21:27 - 00000000 ____D C:\Users\OryxMortis\Desktop\stuff
2013-06-19 21:28 - 2013-06-19 21:27 - 00000000 ____D C:\Users\OryxMortis\Desktop\Ablauf
2013-06-19 21:22 - 2012-12-19 20:08 - 01929573 ____A C:\Windows\WindowsUpdate.log
2013-06-19 21:15 - 2013-06-19 20:55 - 00016147 ____A C:\Users\OryxMortis\Desktop\Musik Anne.odt
2013-06-19 20:51 - 2013-06-19 20:12 - 00001935 ____A C:\Users\OryxMortis\Desktop\Gedicht für Anne.txt
2013-06-19 19:53 - 2013-06-19 19:41 - 20938461 ____A C:\Users\OryxMortis\Downloads\clipFC509.wmv
2013-06-19 16:03 - 2013-05-24 18:30 - 00000404 ____A C:\Windows\Tasks\Lyrics Fan Update.job
2013-06-19 15:38 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 15:38 - 2009-07-14 06:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 15:35 - 2011-04-12 09:43 - 00765264 ____A C:\Windows\System32\perfh007.dat
2013-06-19 15:35 - 2011-04-12 09:43 - 00174494 ____A C:\Windows\System32\perfc007.dat
2013-06-19 15:35 - 2009-07-14 07:13 - 01806010 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 15:31 - 2013-06-19 15:31 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-06-19 15:31 - 2012-12-19 20:42 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-19 15:31 - 2012-12-19 20:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-19 15:31 - 2012-12-19 20:17 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-06-19 15:31 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 15:31 - 2009-07-14 06:51 - 00024359 ____A C:\Windows\setupact.log
2013-06-19 15:30 - 2010-11-21 05:47 - 02939050 ____A C:\Windows\PFRO.log
2013-06-19 01:44 - 2013-06-19 00:56 - 00013530 ____A C:\Users\OryxMortis\Desktop\Zeugnis.odt
2013-06-18 01:22 - 2013-06-15 09:39 - 00002164 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (2).txt
2013-06-17 18:31 - 2013-06-17 18:31 - 00002164 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (5).txt
2013-06-17 11:42 - 2013-01-03 05:19 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\CrashDumps
2013-06-16 23:53 - 2013-06-16 21:28 - 00000035 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (4).txt
2013-06-16 22:26 - 2013-06-16 22:25 - 00000000 ____D C:\Users\OryxMortis\Desktop\Tabs
2013-06-16 22:22 - 2013-06-16 22:22 - 00007658 ____A C:\Users\OryxMortis\Downloads\WoW - Call to Arms.mid
2013-06-16 22:11 - 2013-06-16 22:11 - 00890839 ____A C:\Users\OryxMortis\Downloads\SecurityCheck.exe
2013-06-16 19:57 - 2013-06-16 19:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-16 19:57 - 2013-06-16 19:56 - 02347384 ____A (ESET) C:\Users\OryxMortis\Desktop\esetsmartinstaller_enu.exe
2013-06-16 19:55 - 2013-06-16 19:54 - 00000768 ____A C:\Users\OryxMortis\Desktop\JRT.txt
2013-06-16 19:51 - 2013-06-16 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OryxMortis\Desktop\JRT.exe
2013-06-16 19:51 - 2013-06-16 19:51 - 00000000 ____D C:\Windows\ERUNT
2013-06-16 19:51 - 2013-06-16 19:51 - 00000000 ____D C:\JRT
2013-06-16 19:48 - 2013-06-16 19:48 - 00001431 ____A C:\Users\OryxMortis\Desktop\AdwCleaner[S1].txt
2013-06-16 19:46 - 2013-06-16 19:45 - 00001431 ____A C:\AdwCleaner[S1].txt
2013-06-16 19:44 - 2013-06-16 19:44 - 00648201 ____A C:\Users\OryxMortis\Desktop\adwcleaner.exe
2013-06-16 16:14 - 2013-06-16 16:11 - 00000144 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument (3).txt
2013-06-16 13:09 - 2013-06-16 13:09 - 00028543 ____A C:\ComboFix.txt
2013-06-16 13:09 - 2013-06-16 12:58 - 00000000 ____D C:\Qoobox
2013-06-16 13:09 - 2013-06-16 12:57 - 00000000 ____D C:\Windows\erdnt
2013-06-16 13:09 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-16 13:08 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-16 13:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2013-06-16 12:56 - 2013-06-16 12:55 - 05080151 ____R (Swearware) C:\Users\OryxMortis\Desktop\ComboFix.exe
2013-06-16 12:20 - 2013-06-16 12:20 - 00046671 ____A C:\Users\OryxMortis\Desktop\FRST.txt
2013-06-16 12:20 - 2013-06-16 12:20 - 00018023 ____A C:\Users\OryxMortis\Downloads\Addition.txt
2013-06-16 12:20 - 2013-06-16 12:20 - 00018023 ____A C:\Users\OryxMortis\Desktop\Addition.txt
2013-06-16 12:19 - 2013-06-16 12:19 - 01920546 ____A (Farbar) C:\Users\OryxMortis\Downloads\FRST64.exe
2013-06-16 12:19 - 2013-06-16 12:19 - 00000000 ____D C:\FRST
2013-06-16 12:08 - 2013-06-16 12:08 - 00006919 ____A C:\Users\OryxMortis\Desktop\GMER.log
2013-06-16 12:08 - 2013-06-16 12:01 - 00104112 ____A C:\Users\OryxMortis\Downloads\OTL.Txt
2013-06-16 12:04 - 2013-06-16 12:04 - 00377856 ____A C:\Users\OryxMortis\Downloads\gmer_2.1.19163.exe
2013-06-16 12:02 - 2013-06-16 12:02 - 00099194 ____A C:\Users\OryxMortis\Downloads\Extras.Txt
2013-06-16 11:56 - 2013-06-16 11:56 - 00602112 ____A (OldTimer Tools) C:\Users\OryxMortis\Downloads\OTL.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00050477 ____A C:\Users\OryxMortis\Downloads\Defogger.exe
2013-06-16 11:55 - 2013-06-16 11:55 - 00000482 ____A C:\Users\OryxMortis\Downloads\defogger_disable.log
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____A C:\Users\OryxMortis\defogger_reenable
2013-06-16 11:55 - 2012-12-19 20:08 - 00000000 ___AD C:\users\OryxMortis
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092033.log
2013-06-16 11:20 - 2013-06-16 11:20 - 00000256 ____A C:\Users\OryxMortis\Downloads\fsbl-20130616092007.log
2013-06-16 11:20 - 2012-12-19 21:27 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\PMB Files
2013-06-16 11:19 - 2013-06-16 11:19 - 00916072 ____A (F-Secure Corporation) C:\Users\OryxMortis\Downloads\fsbl1067.exe
2013-06-16 10:59 - 2013-04-12 13:34 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-16 10:59 - 2013-04-12 13:34 - 00000000 ____D C:\ProgramData\Skype
2013-06-16 10:52 - 2013-06-16 10:52 - 00002216 ____A C:\Users\OryxMortis\Desktop\Sicherer Zahlungsverkehr.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00001078 ____A C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-06-16 10:51 - 2013-06-16 10:51 - 00000000 ____D C:\Windows\ELAMBKUP
2013-06-16 10:50 - 2013-06-16 10:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-16 10:46 - 2012-12-19 20:21 - 00000306 _RASH C:\ProgramData\ntuser.pol
2013-06-16 10:46 - 2012-12-19 20:21 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-16 10:43 - 2013-06-16 10:12 - 188740896 ____A (Kaspersky Lab) C:\Users\OryxMortis\Downloads\pure13.0.2.558DE_4340.exe
2013-06-16 10:35 - 2012-12-19 21:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-15 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 18:35 - 2013-06-15 18:13 - 00000000 ____D C:\Users\OryxMortis\Desktop\Chillout
2013-06-15 18:33 - 2013-06-15 18:29 - 00000000 ____D C:\Users\OryxMortis\Desktop\Rap
2013-06-13 20:39 - 2013-05-25 21:12 - 00000000 ____D C:\Users\OryxMortis\Desktop\mbwCrack
2013-06-12 21:33 - 2012-12-19 20:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 21:33 - 2012-12-19 20:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 11:40 - 2013-03-19 20:57 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\Paint.NET
2013-06-10 00:41 - 2013-06-09 20:12 - 00018513 ____A C:\Users\OryxMortis\Desktop\Ravenloft.odt
2013-06-10 00:40 - 2013-03-08 00:58 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\QtProject
2013-06-09 23:00 - 2013-06-09 22:31 - 00000000 ____D C:\Users\OryxMortis\Desktop\Skilltree
2013-06-09 21:27 - 2013-06-09 21:27 - 00000000 ____D C:\Program Files (x86)\Graphviz 2.28
2013-06-09 21:27 - 2013-06-09 21:25 - 60429312 ____A C:\Users\OryxMortis\Downloads\graphviz-2.28.0.msi
2013-06-09 21:16 - 2013-06-09 21:10 - 00000000 ____D C:\Users\OryxMortis\.freemind
2013-06-09 21:10 - 2013-06-09 21:10 - 13655880 ____A ( ) C:\Users\OryxMortis\Downloads\FreeMind-Windows-Installer-0.9.0-max.exe
2013-06-09 21:10 - 2013-06-09 21:10 - 00000000 ____D C:\Program Files (x86)\FreeMind
2013-06-09 20:47 - 2013-05-24 18:09 - 00000000 ____D C:\Users\OryxMortis\Desktop\nevv
2013-06-08 16:08 - 2013-06-15 14:09 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 14:09 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 14:09 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 14:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 14:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 14:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 14:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 01:47 - 2013-06-08 01:47 - 00000052 ____A C:\Users\OryxMortis\Desktop\tschuess.bat
2013-06-07 23:57 - 2012-12-19 20:08 - 00000000 ____D C:\Users\OryxMortis\AppData\Local\VirtualStore
2013-06-07 23:52 - 2013-06-07 23:49 - 00000000 ____D C:\Users\OryxMortis\Desktop\Battlefield Vietnam
2013-06-06 16:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-03 22:22 - 2013-06-03 22:14 - 681181264 ____A C:\Users\OryxMortis\Downloads\qt-windows-opensource-5.0.2-mingw47_32-x86-offline.exe
2013-06-03 00:58 - 2013-06-03 00:58 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-06-02 23:34 - 2013-06-02 23:34 - 00000000 ____D C:\Users\OryxMortis\Desktop\Bewerbung
2013-06-01 10:18 - 2013-06-01 10:16 - 00000000 ____D C:\stuff
2013-05-27 01:16 - 2013-02-06 18:57 - 01779354 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-26 03:31 - 2013-05-26 03:29 - 00000000 ___AD C:\Users\OryxMortis\Desktop\Serious Sam II
2013-05-25 23:34 - 2013-05-25 23:34 - 00000000 ____A C:\Users\OryxMortis\Documents\Neues Textdokument (5).txt
2013-05-25 23:14 - 2013-05-25 21:59 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband
2013-05-25 23:13 - 2013-05-25 22:00 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Mount&Blade Warband
2013-05-25 22:05 - 2013-05-25 21:59 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2013-05-25 22:04 - 2013-05-25 22:04 - 00000000 ____D C:\Users\OryxMortis\Documents\Mount&Blade Warband Savegames
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2013-05-25 22:00 - 2013-05-25 22:00 - 00001140 ____A C:\Users\OryxMortis\Desktop\Mount&Blade Warband.lnk
2013-05-25 21:53 - 2013-05-25 21:58 - 615036714 ____A C:\mb_warband_setup_1153(1).exe
2013-05-25 21:40 - 2013-05-25 21:40 - 00075264 ____A C:\Windows\SysWOW64\Drivers\SSHDRV79.sys
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\UpdatusUser\Desktop\Sacred.lnk
2013-05-25 21:34 - 2013-05-25 21:34 - 00001201 ____A C:\Users\OryxMortis\Desktop\Sacred.lnk
2013-05-25 21:14 - 2013-05-25 21:14 - 00000000 ____D C:\Program Files (x86)\Ascaron Entertainment
2013-05-25 21:11 - 2013-05-25 21:11 - 02343582 ____A C:\Users\OryxMortis\Downloads\mbwCrack.rar
2013-05-25 21:07 - 2013-05-25 21:07 - 07032832 ____A C:\Users\OryxMortis\Downloads\PathOfExileInstaller.msi
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\Documents\Empire Earth II
2013-05-25 20:56 - 2013-05-25 20:56 - 00000000 ____D C:\Users\OryxMortis\AppData\Roaming\Sierra
2013-05-25 19:55 - 2012-12-19 20:33 - 00082896 ____A C:\Windows\DirectX.log
2013-05-25 19:40 - 2013-05-25 19:40 - 00000000 ____D C:\Program Files (x86)\The Games Company
2013-05-25 10:21 - 2013-05-25 10:21 - 00000000 ____D C:\Users\OryxMortis\Documents\NeocoreGames
2013-05-25 09:47 - 2013-05-25 09:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-25 01:23 - 2013-05-24 23:21 - 313856613 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part2.rar.part
2013-05-24 23:16 - 2013-05-24 23:16 - 00000222 ____A C:\Users\OryxMortis\Desktop\The Incredible Adventures of Van Helsing.url
2013-05-24 22:35 - 2013-05-24 18:34 - 472907776 ____A C:\Users\OryxMortis\Downloads\SAC_GE.part1.rar
2013-05-24 18:35 - 2013-05-24 18:31 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-24 18:31 - 2013-05-24 18:31 - 00002037 ____A C:\Users\OryxMortis\Desktop\JDownloader.lnk
2013-05-24 18:30 - 2013-05-24 18:30 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-05-24 18:29 - 2013-05-24 18:29 - 00081488 ____A (AppWork UG (haftungsbeschränkt)) C:\Users\OryxMortis\Downloads\WebInstaller.exe
2013-05-24 18:28 - 2013-05-24 18:28 - 00001476 ____A C:\Users\OryxMortis\Downloads\55cm88r8035u3u3.dlc
2013-05-24 16:34 - 2013-05-19 17:40 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-24 16:32 - 2013-05-19 17:40 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-24 16:29 - 2013-05-24 16:29 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-05-24 16:28 - 2013-05-24 16:28 - 20804736 ____A C:\Users\OryxMortis\Downloads\WIZ_setup.exe
2013-05-23 16:17 - 2012-12-19 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 18:26 - 2013-05-22 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 22:14 - 2013-05-20 17:59 - 00000483 ____A C:\Users\OryxMortis\Desktop\Neues Textdokument.txt
2013-05-20 10:38 - 2013-05-20 10:30 - 00000000 ____D C:\Users\OryxMortis\Desktop\Musik
2013-05-20 10:22 - 2013-05-20 10:22 - 13386816 ____A C:\Users\OryxMortis\Downloads\BeautyOfBooks.themepack
2013-05-20 10:22 - 2013-05-20 10:22 - 11321597 ____A C:\Users\OryxMortis\Downloads\EchoesOfThePast.themepack
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 18:39
==================== End Of Log ============================
|
|
20.06.2013, 08:20
| #8 |
| /// the machine /// TB-Ausbilder | Hohe Pings, langsames Streaming und keinen Schimmer woher. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.06.2013, 02:19
| #9 |
| | Hohe Pings, langsames Streaming und keinen Schimmer woher. Ja, es hat sich nichts geändert.. :/ |
|
21.06.2013, 09:16
| #10 |
| /// the machine /// TB-Ausbilder | Hohe Pings, langsames Streaming und keinen Schimmer woher. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Bitte mal Kaspersky deaktivieren und nochmal testen. Benutzt du einen Router?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Hohe Pings, langsames Streaming und keinen Schimmer woher. |
| adobe, autorun, bho, ebanking, explorer, firefox, flash player, format, hohe pings, home, hängen, hängt, kaspersky, kaspersky pure 3.0, logfile, mozilla, ntdll.dll, plug-in, realtek, registry, scan, sekunden, server, smartphone, software, spielen, svchost.exe, tastatur, temp, usb, windows |
Linear-Darstellung
