Log analysis and evaluation: Trojan:Win32/Matsun, Logs (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps to get help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan:Win32/Matsun, Logs

Hello, when I started my computer today I got the message that a Trojan had sneaked in. Microsoft Security Essentials showed the following: Trojan:Win32/Matsun, and then put the whole thing into quarantine. On top of that, the internet no longer works on my computer. It says that I would have to enter a private mode or something like that, which would, however, make me visible to others. Since I am not much of an expert when it comes to the PC, I am online with the laptop as a precaution, because I do not know whether it was a mistake on my part (although I did not change any settings) or the result of the Trojan. When starting GMER I also got the following error message: C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Code:
OTL Extras logfile created on: 2013-06-19 11:54:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DaVinci\Desktop
64bit- Professional Service Pack 1  (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free
7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS

Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0553D3E4-F026-4EC2-A498-369477216DC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C2965E3-ED8D-4540-966D-20F8AD0AE60B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A5001CF-DAC0-4C4E-90A5-7496B89F751A}" = lport=137 | protocol=17 | dir=in | app=system | "{4207F789-8FA1-4B4A-AD24-112C8DE85CF3}" = rport=139 | protocol=6 | dir=out | app=system | "{4EDC5C93-A643-4E75-973E-4EEDB43DCC76}" = lport=139 | protocol=6 | dir=in | app=system | "{68785508-6529-4EC5-88B9-A787E839706B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{825B5FA1-57F7-4A59-832E-D1BD5379B0FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89101395-195E-4DD2-BAC2-361DD83F303A}" = lport=10243 | protocol=6 | dir=in | app=system | "{8B2C56C8-B16C-47AB-8A99-3251A0D0CF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9089B609-92AA-4B67-8A57-56E6CFD4EB65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9FA7CDD-2847-4C7F-8065-70806C38E486}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AEB855A9-C1D9-4F04-AF5A-6F7350287733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AEBBC548-9578-41D7-89CD-7E75C6368908}" = rport=10243 | protocol=6 | dir=out | app=system | "{B14C63A5-80E0-47B6-8B8B-1CA81564892B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4F975AE-780B-484F-B473-5D4E704CF088}" = rport=138 | protocol=17 | dir=out | app=system | "{BC65064B-29AE-4E0F-9263-2253B2858354}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C563FB7C-14B0-4836-9AC1-01CED9C30F9A}" = lport=445 | protocol=6 | dir=in | app=system | "{D4E23544-DBAB-4117-80F5-E5883FA15F4B}" = lport=2869 | protocol=6 | dir=in | app=system | "{DDD2CECB-BB2F-43D2-9883-8F30D464241C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7194A8C-5A07-482A-BFAB-A3A8E58223E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECEC10ED-660A-4C74-963B-735E38D871CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F07D2C1F-C761-411A-AB90-EFB0A8FA446C}" = lport=138 | protocol=17 | dir=in | app=system | "{F28B0091-E4F1-45F4-8815-50579457F2A6}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036B9339-A769-4B9B-A982-2AC271D6615D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | "{12361D03-BB14-4792-B41F-B3D32438AE26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{12DF4DC6-4F19-4917-8FEA-D5BC223A5417}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12FF0EAF-EA64-43A5-ACE8-06EBC3B6376B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{154E9028-63CA-48A2-826D-4666020713AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{238B3F09-5CFE-441A-AF9B-CF9634C0AF4E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{28316493-483E-44C0-B227-561F7D8AD1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{285DAFF9-7133-4053-AC75-58B051689C08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{292A99CD-5482-407B-921A-134E22D564EB}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{3157DC32-63A3-4F67-B803-EE615244948C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{35076243-6E6B-41BC-9069-4EA0B01CDBDF}" = protocol=6 | dir=out | app=system | "{3A0A501B-3853-4ABD-8B09-5FB61462D548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3B9A3F6B-2568-46A6-A641-6957AC8DF444}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{3E7AF965-E883-474A-99F3-D08997FC9C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{449EC967-AFE7-4251-B90D-0A2810C0B2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{452CBEAB-3E69-4DD2-A2CF-7A771557439A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{4F60B938-75BE-4082-9BD2-2291E759D949}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{532C4A10-163C-41D3-893B-F98E10C15D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{5AAF5415-0104-4572-A89A-A1256B9BB603}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{5EDC3F61-508A-4F3E-BA55-155458C1EC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62D50EFC-E70A-40E9-AC73-1C9D5402BCB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{638E2C30-ED2F-4144-A95E-8D8EC9A672C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6426AFCF-6961-44F3-BB38-1CB45589819A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A6FDBA5-560D-448E-B489-B186BD9C02C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B8ED369-2DA2-4DF1-912E-9A9A18EC5ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{6DE36391-1968-452D-8ED4-1F8AE6B1D54D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{718EFA78-64D8-4470-A823-DC4071B35BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{79DC69DC-EE47-42D7-A39C-E3AE5EE29B27}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7AD0A081-B342-4892-8E25-242A5B138D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{7D91122E-8A1B-455E-830D-6E8743D44B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{7FC1A397-BE97-4424-836B-B6E9E437AF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8490BB6D-56F6-480F-B985-045FBFBC69FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{85BB28F8-6A2E-4BD1-B345-540A3C056D0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{874FCBFD-3385-42D8-BCD7-970FD23C80BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{8AA5E43D-2AA1-4A87-B8EA-43BC2A164B43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8F036BB7-2D14-4D73-B16B-D22CAE583106}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{904D490A-A3CC-4927-9904-89BFFDB1450F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{A10AD277-0AD4-4E0A-8B85-C791D2B25B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A4823EF5-673A-43EB-8738-A48B0FD18A63}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A7B9DE1B-55A9-4A2E-81FB-E08F3B6B377A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AD78156D-8A28-43D0-A3C0-6B537E7833BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed 
revelations\acrsp.exe | "{B0F7B9D1-94CF-4948-8030-6E50CA1389CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{B17170B0-239B-4B06-A5C8-B99F9843228B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{B2B128E7-4158-4E59-A384-56C1179E7B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{B30F00DB-7F81-45FB-AACD-9222506C5EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{B91B977C-49BD-436C-AB01-9BE6457D155E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B9239524-87A5-4A3D-86EF-A9465E8388D0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{B9E9494F-5E31-4F0D-88B6-7CA097DC9E14}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{BA04311E-4C59-4039-887B-A60AA1260980}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{BC4103F3-2F53-4638-9424-6AA72A222F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{C3892E94-C7CC-4E44-8671-CEEC7161262D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C44CD806-F49A-4A5C-8EA7-3725C54863A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C62B3C39-ADB1-46AD-995B-14231ACBF53A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{D15BBCFB-9B58-43FF-ABC9-9D07007C7603}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{D1D42D08-2D44-4320-9BC8-514E42236850}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{D31469D5-A9BC-40EE-BBAD-711C48F5D45F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed 
revelations\acrsp.exe | "{D6961163-EC43-403B-8597-9C3B0C365317}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{D6E1B6B8-C003-48DA-990B-6519885A66D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{DEAE91D6-1D1E-43D4-80D6-409936DBB7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{E46097B4-19EE-47EA-8A4F-AA4E357C0ED6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E7364D8D-D3E6-4D4B-B796-D5EC84E34641}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{EBE9A6DC-792C-4D23-BEBF-2C81CC377800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | "{F1978D20-0736-4BB3-854B-30A4CE164AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{FBFBB623-8835-4D8E-A56D-567CA647E65F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{274C41A6-BA04-4B61-8A64-72CDCA607875}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | "TCP Query User{7027B254-3B00-4595-A8C3-DE20B1E333BA}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | "UDP Query User{0C61DD18-B705-4335-B556-2FD8B6910CFD}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | "UDP Query User{F76BBE59-26C0-4D6F-BAB9-075DD2A28AD1}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=17 | dir=in | 
app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86) "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3 "{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "DesktopIconAmazon" = Desktop Icon für Amazon "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SearchAnonymizer" = SearchAnonymizer "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055 "{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" 
= Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{91923599-1A3C-4EEE-B70C-8B309269DEF7}" = Sound Blaster Recon3D PCIe "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 205100" = Dishonored
"Steam App 30" = Day of Defeat
"Steam App 40" = Deathmatch Classic
"Steam App 50" = Half-Life: Opposing Force
"Steam App 60" = Ricochet
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8870" = BioShock Infinite
"SysInfo" = Creative Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"True - ROCCAT 1.1.0" = True - ROCCAT 1.1.0
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-06-15 08:46:47 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-16 05:35:08 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-17 05:34:32 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-18 04:08:36 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-18 04:10:00 | Computer Name = DaVinci-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe, version 1.78.87.58, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: fec  Start Time: 01ce6bfb0ef83191  Termination Time: 16  Application Path: C:\Program Files (x86)\Steam\Steam.exe  Report Id: 765bb5c1-d7ee-11e2-bea1-002522d93037

Error - 2013-06-18 04:40:23 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image of binary SB Recon3D PCIe Audio Bus Filter.  System Error: The system cannot find the file specified.

Error - 2013-06-18 04:40:52 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image of binary SB Recon3D PCIe Audio Bus Filter.  System Error: The system cannot find the file specified.

Error - 2013-06-18 04:51:28 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-19 05:36:30 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-19 05:53:22 | Computer Name = DaVinci-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.13.1106, time stamp: 0x50f957dd  Faulting module name: nvtray.exe, version: 7.17.13.1106, time stamp: 0x50f957dd  Exception code: 0x40000015  Fault offset: 0x0000000000155149  Faulting process id: 0xde4  Faulting application start time: 0x01ce6cd0869bb007  Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Report Id: 13309109-d8c6-11e2-939d-002522d93037

[ Spybot - Search and Destroy Events ]
Error - 2012-11-22 16:25:40 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2012-12-01 08:24:41 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2012-12-21 14:19:31 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2013-02-12 12:57:57 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.  New Signature Version:  Previous Signature Version: 1.151.2345.0  Update Source: %%859  Update Stage: %%853  Source Path: hxxp://www.microsoft.com  Signature Type: %%800  Update Type: %%803  User: NT AUTHORITY\SYSTEM  Current Engine Version:  Previous Engine Version: 1.1.9506.0  Error code: 0x80240022  Error description: The program can't check for definition updates.

Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.  New Signature Version:  Previous Signature Version: 1.151.2345.0  Update Source: %%859  Update Stage: %%853  Source Path: hxxp://www.microsoft.com  Signature Type: %%800  Update Type: %%803  User: NT AUTHORITY\SYSTEM  Current Engine Version:  Previous Engine Version: 1.1.9506.0  Error code: 0x80240022  Error description: The program can't check for definition updates.

Error - 2013-06-18 04:32:38 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.  New Signature Version:  Previous Signature Version: 1.151.2345.0  Update Source: %%859  Update Stage: %%852  Source Path: hxxp://www.microsoft.com  Signature Type: %%800  Update Type: %%803  User: NT AUTHORITY\SYSTEM  Current Engine Version:  Previous Engine Version: 1.1.9506.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069

Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069

Error - 2013-06-19 05:46:30 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.  New Signature Version:  Previous Signature Version: 1.153.22.0  Update Source: %%859  Update Stage: %%852  Source Path: hxxp://www.microsoft.com  Signature Type: %%800  Update Type: %%803  User: NT AUTHORITY\SYSTEM  Current Engine Version:  Previous Engine Version: 1.1.9607.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 12:16:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_470_Series_SSD rev.AXM09B1Q 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\DaVinci\AppData\Local\Temp\awliifod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000072df1a22 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000072df1ad0 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000072df1b08 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000072df1bba 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000072df1bda 2 bytes [DF, 72]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000076a91465 2 bytes [A9, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076a914bb 2 bytes [A9, 76]
.text  ...  * 2
.text  C:\ProgramData\Search Protection\SearchProtection.exe[3792]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076a91465 2 bytes [A9, 76]
.text  C:\ProgramData\Search Protection\SearchProtection.exe[3792]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076a914bb 2 bytes [A9, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\kernel32.dll!CreateProcessW  00000000758b103d 5 bytes JMP 0000000102093dc4
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\advapi32.DLL!CreateProcessAsUserW  000000007669c592 5 bytes JMP 0000000102093b6c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSASend  00000000759b4406 6 bytes JMP 719a0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW  00000000759b4889 6 bytes JMP 71af0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoW  00000000759b4b1b 6 bytes JMP 71a90f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!recv  00000000759b6b0e 6 bytes JMP 719d0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!send  00000000759b6f01 6 bytes JMP 71a00f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSARecv  00000000759b7089 6 bytes JMP 71970f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult  00000000759b7489 6 bytes JMP 71940f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW  00000000759bd1ea 6 bytes JMP 71a60f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoEx  00000000759be14d 6 bytes JMP 71a30f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetCloseHandle  0000000075ab4282 5 bytes JMP 0000000102092b74
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA  0000000075ab7079 5 bytes JMP 0000000102092aa4
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpQueryInfoW  0000000075ab77c2 5 bytes JMP 0000000102092b0c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpSendRequestW  0000000075ab7ca6 5 bytes JMP 00000001020904f8
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW  0000000075ab83dd 5 bytes JMP 000000010208eac8
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetConnectW  0000000075abb214 5 bytes JMP 000000010208e1c0
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable  0000000075ac92e9 5 bytes JMP 0000000102091400
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFile  0000000075ac972b 5 bytes JMP 000000010209192c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFileExW  0000000075adadd7 5 bytes JMP 00000001020922dc
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFileExA  0000000075adae2e 5 bytes JMP 0000000102091b14
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetOpenA  0000000075b0cf60 5 bytes JMP 000000010208e16c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetConnectA  0000000075b5d0b3 5 bytes JMP 000000010208e3a0
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpSendRequestA  0000000075b832f2 5 bytes JMP 000000010208fd80
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA  0000000075b83595 5 bytes JMP 000000010208ed1c

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3868]  0000000002099310
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3900]  00000000020991e0
Thread  C:\Windows\SysWOW64\svchost.exe [960:3992]  000000007efa0000
Thread  C:\Windows\SysWOW64\svchost.exe [960:1308]  000000007efab973
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:3408]  0000000077c53e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:392]  00000000759f7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1496]  00000000746a0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1548]  0000000077c52e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:2272]  0000000077c53e45

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk1\DR1  unknown MBR code

---- EOF - GMER 2.1 ----

Code:
OTL logfile created on: 2013-06-19 11:54:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DaVinci\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free
7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS

Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-16 11:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012-11-13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-11-13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-11-13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012-11-06 23:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2013-01-28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-05-30 16:23:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013-01-28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013-01-27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-28 23:13:57 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-09-27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-11-22 21:59:33 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MassDfu.sys -- (DFU)
DRV:64bit: - [2011-09-02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-07-08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-02-08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-09-30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-09-30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-06-23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-08-14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008-02-18 16:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008-02-18 16:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008-01-21 10:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2012-11-16 17:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0DFC1506-A213-4AD2-BF3A-B7D16AB1661F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{31631685-EB30-4952-9C62-13C32BF15F47}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{32F517FE-A623-422E-85CD-115A391E411F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q={searchTerms}
IE - HKCU\..\SearchScopes\{758F30B4-EDAE-414B-9ADB-70A79CDD2A0D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FA0A1C98-1314-410E-BBFC-5BE29AF51A60}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de [2011-12-28 23:07:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net [2012-03-25 19:35:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]

[2011-11-18 17:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Extensions
[2013-05-10 19:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions
[2012-11-22 21:58:07 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012-03-25 19:35:53 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
[2012-11-22 21:58:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011-12-28 23:07:54 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de
[2013-05-10 19:15:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-12-28 23:13:58 | 000,002,182 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{B5EB2D7B-EA87-4A1C-9C95-22B60289593D}.xml
[2011-12-28 23:13:58 | 000,001,864 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{CF3A2487-E996-4C04-BA3D-17506E6357EA}.xml
[2011-12-28 23:13:58 | 000,002,071 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{E711E580-7D5D-41A2-91EC-CE152B78DA82}.xml
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-11-22 21:58:08 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [exectt] C:\Users\DaVinci\AppData\Roaming\exectt.exe ()
O4 - HKCU..\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe (CJSC "Computing Forces")
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EAB614B-FABC-4BC6-9543-68D533D4B45A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-06-19 11:42:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe [2013-06-18 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln [2013-06-02 19:19:56 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Mozilla Thunderbird [2013-05-30 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013-05-25 18:56:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-06-19 11:52:39 | 000,000,000 | ---- | M] () -- C:\Users\DaVinci\defogger_reenable [2013-06-19 11:48:42 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-06-19 11:48:42 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013-06-19 11:48:42 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-06-19 11:48:42 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013-06-19 11:48:42 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-06-19 11:44:12 | 000,025,206 | ---- | M] () -- C:\Users\DaVinci\Desktop\SystemScan.odt [2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-06-19 11:43:17 | 000,377,856 | ---- | M] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe [2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe [2013-06-19 11:41:38 | 000,050,477 | ---- | M] () -- C:\Users\DaVinci\Desktop\Defogger.exe [2013-06-19 11:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-06-18 10:51:26 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-06-18 10:40:20 | 
000,000,051 | RH-- | M] () -- C:\Windows\ctfile.rfc [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-06-19 11:52:39 | 000,000,000 | ---- | C] () -- C:\Users\DaVinci\defogger_reenable [2013-06-19 11:44:10 | 000,025,206 | ---- | C] () -- C:\Users\DaVinci\Desktop\SystemScan.odt [2013-06-19 11:43:11 | 000,377,856 | ---- | C] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe [2013-06-19 11:41:37 | 000,050,477 | ---- | C] () -- C:\Users\DaVinci\Desktop\Defogger.exe [2013-06-18 10:51:23 | 000,294,344 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-09-14 10:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012-09-14 10:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012-01-28 12:39:16 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012-01-28 12:39:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012-01-28 12:38:54 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-01-25 09:27:17 | 000,003,492 | ---- | C] () -- C:\Windows\Solitaire.ini [2011-12-28 23:07:53 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011-12-10 19:38:45 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-12-10 19:38:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-11-18 18:56:36 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2011-11-18 18:56:36 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011-11-18 18:56:35 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe [2011-11-18 18:56:35 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll [2011-11-18 18:56:35 | 000,012,750 | ---- | C] () -- C:\Windows\unins000.dat [2011-11-18 18:43:51 | 001,555,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1601-01-01 02:00:00 | 000,242,176 | ---- | C] () -- 
C:\Users\DaVinci\AppData\Roaming\exectt.exe ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011-12-04 20:32:44 | 000,000,000 
| ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Acreon [2013-04-25 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Amazon [2012-11-22 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\blekko [2013-06-18 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln [2012-12-27 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ControlCenter4 [2011-11-18 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DAEMON Tools Lite [2011-12-28 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DesktopIconForAmazon [2012-09-11 15:33:52 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\HTC [2013-05-25 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ICQ [2011-11-18 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Leadertech [2012-12-26 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\noteMaNIA [2013-01-20 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Nuance [2011-12-28 23:13:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OCS [2011-11-18 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OpenOffice.org [2011-12-28 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Opera [2011-12-10 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\PunkBuster [2013-02-05 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\smc [2011-11-18 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Thunderbird [2013-06-18 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TS3Client [2013-01-20 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TuneUp Software [2013-01-20 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |