Log analysis and evaluation: Trojan:Win32/Matsun, Logs (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.06.2013, 12:05 | #1
Trojan:Win32/Matsun, Logs

Hello, when I started my computer today I got the message that a trojan had sneaked in. Microsoft Security Essentials displayed the following: Trojan:Win32/Matsun, and put the whole thing into quarantine. On top of that, the Internet no longer works on my computer. It says that I would have to enter a private mode or something like that, which would however make me visible to others. Since I'm no particular whiz when it comes to PCs, I'm online from the laptop as a precaution, because I don't know whether it was a mistake on my part (although I haven't changed any settings) or the result of the trojan. When starting GMER I also got the following error message: C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.

Code:
ATTFilter OTL Extras logfile created on: 2013-06-19 11:54:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DaVinci\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd 3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free 7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0553D3E4-F026-4EC2-A498-369477216DC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C2965E3-ED8D-4540-966D-20F8AD0AE60B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A5001CF-DAC0-4C4E-90A5-7496B89F751A}" = lport=137 | protocol=17 | dir=in | app=system | "{4207F789-8FA1-4B4A-AD24-112C8DE85CF3}" = rport=139 | protocol=6 | dir=out | app=system | "{4EDC5C93-A643-4E75-973E-4EEDB43DCC76}" = lport=139 | protocol=6 | dir=in | app=system | "{68785508-6529-4EC5-88B9-A787E839706B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{825B5FA1-57F7-4A59-832E-D1BD5379B0FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89101395-195E-4DD2-BAC2-361DD83F303A}" = lport=10243 | protocol=6 | dir=in | app=system | "{8B2C56C8-B16C-47AB-8A99-3251A0D0CF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9089B609-92AA-4B67-8A57-56E6CFD4EB65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9FA7CDD-2847-4C7F-8065-70806C38E486}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AEB855A9-C1D9-4F04-AF5A-6F7350287733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AEBBC548-9578-41D7-89CD-7E75C6368908}" = rport=10243 | protocol=6 | dir=out | app=system | "{B14C63A5-80E0-47B6-8B8B-1CA81564892B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4F975AE-780B-484F-B473-5D4E704CF088}" = rport=138 | protocol=17 | dir=out | app=system | "{BC65064B-29AE-4E0F-9263-2253B2858354}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C563FB7C-14B0-4836-9AC1-01CED9C30F9A}" = lport=445 | protocol=6 | dir=in | app=system | "{D4E23544-DBAB-4117-80F5-E5883FA15F4B}" = lport=2869 | protocol=6 | dir=in | app=system | "{DDD2CECB-BB2F-43D2-9883-8F30D464241C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7194A8C-5A07-482A-BFAB-A3A8E58223E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECEC10ED-660A-4C74-963B-735E38D871CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F07D2C1F-C761-411A-AB90-EFB0A8FA446C}" = lport=138 | protocol=17 | dir=in | app=system | "{F28B0091-E4F1-45F4-8815-50579457F2A6}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036B9339-A769-4B9B-A982-2AC271D6615D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | "{12361D03-BB14-4792-B41F-B3D32438AE26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{12DF4DC6-4F19-4917-8FEA-D5BC223A5417}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12FF0EAF-EA64-43A5-ACE8-06EBC3B6376B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{154E9028-63CA-48A2-826D-4666020713AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{238B3F09-5CFE-441A-AF9B-CF9634C0AF4E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{28316493-483E-44C0-B227-561F7D8AD1E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{285DAFF9-7133-4053-AC75-58B051689C08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{292A99CD-5482-407B-921A-134E22D564EB}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{3157DC32-63A3-4F67-B803-EE615244948C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{35076243-6E6B-41BC-9069-4EA0B01CDBDF}" = protocol=6 | dir=out | app=system | "{3A0A501B-3853-4ABD-8B09-5FB61462D548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3B9A3F6B-2568-46A6-A641-6957AC8DF444}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{3E7AF965-E883-474A-99F3-D08997FC9C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{449EC967-AFE7-4251-B90D-0A2810C0B2D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{452CBEAB-3E69-4DD2-A2CF-7A771557439A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{4F60B938-75BE-4082-9BD2-2291E759D949}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{532C4A10-163C-41D3-893B-F98E10C15D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{5AAF5415-0104-4572-A89A-A1256B9BB603}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{5EDC3F61-508A-4F3E-BA55-155458C1EC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62D50EFC-E70A-40E9-AC73-1C9D5402BCB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{638E2C30-ED2F-4144-A95E-8D8EC9A672C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6426AFCF-6961-44F3-BB38-1CB45589819A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A6FDBA5-560D-448E-B489-B186BD9C02C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B8ED369-2DA2-4DF1-912E-9A9A18EC5ECC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{6DE36391-1968-452D-8ED4-1F8AE6B1D54D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{718EFA78-64D8-4470-A823-DC4071B35BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{79DC69DC-EE47-42D7-A39C-E3AE5EE29B27}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7AD0A081-B342-4892-8E25-242A5B138D3D}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{7D91122E-8A1B-455E-830D-6E8743D44B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{7FC1A397-BE97-4424-836B-B6E9E437AF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8490BB6D-56F6-480F-B985-045FBFBC69FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{85BB28F8-6A2E-4BD1-B345-540A3C056D0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{874FCBFD-3385-42D8-BCD7-970FD23C80BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{8AA5E43D-2AA1-4A87-B8EA-43BC2A164B43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8F036BB7-2D14-4D73-B16B-D22CAE583106}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | "{904D490A-A3CC-4927-9904-89BFFDB1450F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | "{A10AD277-0AD4-4E0A-8B85-C791D2B25B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A4823EF5-673A-43EB-8738-A48B0FD18A63}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A7B9DE1B-55A9-4A2E-81FB-E08F3B6B377A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AD78156D-8A28-43D0-A3C0-6B537E7833BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed 
revelations\acrsp.exe | "{B0F7B9D1-94CF-4948-8030-6E50CA1389CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{B17170B0-239B-4B06-A5C8-B99F9843228B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{B2B128E7-4158-4E59-A384-56C1179E7B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{B30F00DB-7F81-45FB-AACD-9222506C5EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{B91B977C-49BD-436C-AB01-9BE6457D155E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B9239524-87A5-4A3D-86EF-A9465E8388D0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{B9E9494F-5E31-4F0D-88B6-7CA097DC9E14}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{BA04311E-4C59-4039-887B-A60AA1260980}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{BC4103F3-2F53-4638-9424-6AA72A222F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe | "{C3892E94-C7CC-4E44-8671-CEEC7161262D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C44CD806-F49A-4A5C-8EA7-3725C54863A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C62B3C39-ADB1-46AD-995B-14231ACBF53A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{D15BBCFB-9B58-43FF-ABC9-9D07007C7603}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{D1D42D08-2D44-4320-9BC8-514E42236850}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | "{D31469D5-A9BC-40EE-BBAD-711C48F5D45F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed 
revelations\acrsp.exe | "{D6961163-EC43-403B-8597-9C3B0C365317}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{D6E1B6B8-C003-48DA-990B-6519885A66D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{DEAE91D6-1D1E-43D4-80D6-409936DBB7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{E46097B4-19EE-47EA-8A4F-AA4E357C0ED6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E7364D8D-D3E6-4D4B-B796-D5EC84E34641}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{EBE9A6DC-792C-4D23-BEBF-2C81CC377800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike\hl.exe | "{F1978D20-0736-4BB3-854B-30A4CE164AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | "{FBFBB623-8835-4D8E-A56D-567CA647E65F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{274C41A6-BA04-4B61-8A64-72CDCA607875}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | "TCP Query User{7027B254-3B00-4595-A8C3-DE20B1E333BA}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | "UDP Query User{0C61DD18-B705-4335-B556-2FD8B6910CFD}C:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counterstrike source beta\hl2.exe | "UDP Query User{F76BBE59-26C0-4D6F-BAB9-075DD2A28AD1}G:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe" = protocol=17 | dir=in | 
app=g:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86) "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3 "{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "DesktopIconAmazon" = Desktop Icon für Amazon "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SearchAnonymizer" = SearchAnonymizer "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055 "{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" 
= Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{91923599-1A3C-4EEE-B70C-8B309269DEF7}" = Sound Blaster Recon3D PCIe "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8 "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "adawaretb" = Ad-Aware Security Add-on "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26 "Dolby Digital Live Pack" = Dolby Digital Live Pack "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "Steam App 130" = Half-Life: Blue Shift "Steam App 20" = Team Fortress Classic "Steam App 205100" = Dishonored "Steam App 30" = Day of Defeat "Steam App 40" = 
Deathmatch Classic "Steam App 50" = Half-Life: Opposing Force "Steam App 60" = Ricochet "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8870" = BioShock Infinite "SysInfo" = Creative Systeminformationen "SystemRequirementsLab" = System Requirements Lab "True - ROCCAT 1.1.0" = True - ROCCAT 1.1.0 "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 1.1.11 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-06-15 08:46:47 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10 Description = Error - 2013-06-16 05:35:08 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10 Description = Error - 2013-06-17 05:34:32 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10 Description = Error - 2013-06-18 04:08:36 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10 Description = Error - 2013-06-18 04:10:00 | Computer Name = DaVinci-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.78.87.58 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fec Startzeit: 01ce6bfb0ef83191 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 765bb5c1-d7ee-11e2-bea1-002522d93037 Error - 2013-06-18 04:40:23 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary SB Recon3D PCIe Audio Bus Filter. System Error: Das System kann die angegebene Datei nicht finden. . 
Error - 2013-06-18 04:40:52 | Computer Name = DaVinci-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary SB Recon3D PCIe Audio Bus Filter. System Error: Das System kann die angegebene Datei nicht finden. .

Error - 2013-06-18 04:51:28 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-19 05:36:30 | Computer Name = DaVinci-PC | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-19 05:53:22 | Computer Name = DaVinci-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000155149 ID des fehlerhaften Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01ce6cd0869bb007 Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Berichtskennung: 13309109-d8c6-11e2-939d-002522d93037

[ Spybot - Search and Destroy Events ]
Error - 2012-11-22 16:25:40 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2012-12-01 08:24:41 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2012-12-21 14:19:31 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 2013-02-12 12:57:57 | Computer Name = DaVinci-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.151.2345.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Error - 2013-06-18 04:23:42 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.151.2345.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Error - 2013-06-18 04:32:38 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.151.2345.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9506.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 2013-06-18 04:53:29 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 2013-06-19 05:38:31 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 2013-06-19 05:46:30 | Computer Name = DaVinci-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.153.22.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9607.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 2013-06-19 05:53:21 | Computer Name = DaVinci-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 12:16:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_470_Series_SSD rev.AXM09B1Q 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\DaVinci\AppData\Local\Temp\awliifod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000072df1a22 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000072df1ad0 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000072df1b08 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000072df1bba 2 bytes [DF, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1924]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000072df1bda 2 bytes [DF, 72]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69  0000000076a91465 2 bytes [A9, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2024]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076a914bb 2 bytes [A9, 76]
.text  ...  * 2
.text  C:\ProgramData\Search Protection\SearchProtection.exe[3792]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076a91465 2 bytes [A9, 76]
.text  C:\ProgramData\Search Protection\SearchProtection.exe[3792]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076a914bb 2 bytes [A9, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\kernel32.dll!CreateProcessW  00000000758b103d 5 bytes JMP 0000000102093dc4
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\advapi32.DLL!CreateProcessAsUserW  000000007669c592 5 bytes JMP 0000000102093b6c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSASend  00000000759b4406 6 bytes JMP 719a0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW  00000000759b4889 6 bytes JMP 71af0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoW  00000000759b4b1b 6 bytes JMP 71a90f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!recv  00000000759b6b0e 6 bytes JMP 719d0f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!send  00000000759b6f01 6 bytes JMP 71a00f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSARecv  00000000759b7089 6 bytes JMP 71970f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult  00000000759b7489 6 bytes JMP 71940f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW  00000000759bd1ea 6 bytes JMP 71a60f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\WS2_32.dll!FreeAddrInfoEx  00000000759be14d 6 bytes JMP 71a30f5a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetCloseHandle  0000000075ab4282 5 bytes JMP 0000000102092b74
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpQueryInfoA  0000000075ab7079 5 bytes JMP 0000000102092aa4
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpQueryInfoW  0000000075ab77c2 5 bytes JMP 0000000102092b0c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpSendRequestW  0000000075ab7ca6 5 bytes JMP 00000001020904f8
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpOpenRequestW  0000000075ab83dd 5 bytes JMP 000000010208eac8
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetConnectW  0000000075abb214 5 bytes JMP 000000010208e1c0
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetQueryDataAvailable  0000000075ac92e9 5 bytes JMP 0000000102091400
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFile  0000000075ac972b 5 bytes JMP 000000010209192c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFileExW  0000000075adadd7 5 bytes JMP 00000001020922dc
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetReadFileExA  0000000075adae2e 5 bytes JMP 0000000102091b14
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetOpenA  0000000075b0cf60 5 bytes JMP 000000010208e16c
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!InternetConnectA  0000000075b5d0b3 5 bytes JMP 000000010208e3a0
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpSendRequestA  0000000075b832f2 5 bytes JMP 000000010208fd80
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860]  C:\Windows\syswow64\wininet.DLL!HttpOpenRequestA  0000000075b83595 5 bytes JMP 000000010208ed1c

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3868]  0000000002099310
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [3860:3900]  00000000020991e0
Thread  C:\Windows\SysWOW64\svchost.exe [960:3992]  000000007efa0000
Thread  C:\Windows\SysWOW64\svchost.exe [960:1308]  000000007efab973
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:3408]  0000000077c53e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:392]  00000000759f7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1496]  00000000746a0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:1548]  0000000077c52e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3332:2272]  0000000077c53e45

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk1\DR1  unknown MBR code

---- EOF - GMER 2.1 ----

Code:
OTL logfile created on: 2013-06-19 11:54:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DaVinci\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,25% Memory free
7,96 Gb Paging File | 6,60 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,02 Gb Total Space | 21,12 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 151,60 Gb Total Space | 108,64 Gb Free Space | 71,66% Space Free | Partition Type: NTFS

Computer Name: DAVINCI-PC | User Name: DaVinci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe
PRC - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-16 11:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012-11-13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012-11-13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012-11-13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012-11-06 23:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2013-01-28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-05-30 16:23:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-01-28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013-01-28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013-01-27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-28 23:13:57 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011-12-10 19:38:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-09-27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-05-15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-05-01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-11-22 21:59:33 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MassDfu.sys -- (DFU)
DRV:64bit: - [2011-09-02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-07-08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-02-08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-09-30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-09-30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010-06-23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-08-14 07:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008-02-18 16:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008-02-18 16:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008-01-21 10:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2012-11-16 17:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011-12-11 19:33:22 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0DFC1506-A213-4AD2-BF3A-B7D16AB1661F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{31631685-EB30-4952-9C62-13C32BF15F47}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{32F517FE-A623-422E-85CD-115A391E411F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q={searchTerms}
IE - HKCU\..\SearchScopes\{758F30B4-EDAE-414B-9ADB-70A79CDD2A0D}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FA0A1C98-1314-410E-BBFC-5BE29AF51A60}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de [2011-12-28 23:07:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net [2012-03-25 19:35:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013-06-02 19:20:08 | 000,000,000 | ---D | M]

[2011-11-18 17:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Extensions
[2013-05-10 19:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions
[2012-11-22 21:58:07 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012-03-25 19:35:53 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
[2012-11-22 21:58:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011-12-28 23:07:54 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\DaVinci\AppData\Roaming\mozilla\Firefox\Profiles\83k93miq.default\extensions\mail@gutscheinrausch.de
[2013-05-10 19:15:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-12-28 23:13:58 | 000,002,182 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{B5EB2D7B-EA87-4A1C-9C95-22B60289593D}.xml
[2011-12-28 23:13:58 | 000,001,864 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{CF3A2487-E996-4C04-BA3D-17506E6357EA}.xml
[2011-12-28 23:13:58 | 000,002,071 | ---- | M] () -- C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\searchplugins\{E711E580-7D5D-41A2-91EC-CE152B78DA82}.xml
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-30 16:23:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-11-22 21:58:08 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
O4 - HKCU..\Run: [exectt] C:\Users\DaVinci\AppData\Roaming\exectt.exe ()
O4 - HKCU..\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe (CJSC "Computing Forces")
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EAB614B-FABC-4BC6-9543-68D533D4B45A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\sbrnpcie.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013-06-19 11:42:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe [2013-06-18 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln [2013-06-02 19:19:56 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Mozilla Thunderbird [2013-05-30 16:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013-05-25 18:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013-05-25 18:56:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-06-19 11:52:39 | 000,000,000 | ---- | M] () -- C:\Users\DaVinci\defogger_reenable [2013-06-19 11:48:42 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-06-19 11:48:42 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013-06-19 11:48:42 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-06-19 11:48:42 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013-06-19 11:48:42 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-06-19 11:44:12 | 000,025,206 | ---- | M] () -- C:\Users\DaVinci\Desktop\SystemScan.odt [2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-06-19 11:43:32 | 000,025,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-06-19 11:43:17 | 000,377,856 | ---- | M] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe [2013-06-19 11:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DaVinci\Desktop\OTL.exe [2013-06-19 11:41:38 | 000,050,477 | ---- | M] () -- C:\Users\DaVinci\Desktop\Defogger.exe [2013-06-19 11:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-06-18 10:51:26 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-06-18 10:40:20 | 
000,000,051 | RH-- | M] () -- C:\Windows\ctfile.rfc [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-06-19 11:52:39 | 000,000,000 | ---- | C] () -- C:\Users\DaVinci\defogger_reenable [2013-06-19 11:44:10 | 000,025,206 | ---- | C] () -- C:\Users\DaVinci\Desktop\SystemScan.odt [2013-06-19 11:43:11 | 000,377,856 | ---- | C] () -- C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe [2013-06-19 11:41:37 | 000,050,477 | ---- | C] () -- C:\Users\DaVinci\Desktop\Defogger.exe [2013-06-18 10:51:23 | 000,294,344 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-09-14 10:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012-09-14 10:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012-01-28 12:39:16 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012-01-28 12:39:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012-01-28 12:38:54 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-01-25 09:27:17 | 000,003,492 | ---- | C] () -- C:\Windows\Solitaire.ini [2011-12-28 23:07:53 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011-12-10 19:38:45 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-12-10 19:38:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-11-18 18:56:36 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2011-11-18 18:56:36 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011-11-18 18:56:35 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe [2011-11-18 18:56:35 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll [2011-11-18 18:56:35 | 000,012,750 | ---- | C] () -- C:\Windows\unins000.dat [2011-11-18 18:43:51 | 001,555,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1601-01-01 02:00:00 | 000,242,176 | ---- | C] () -- 
C:\Users\DaVinci\AppData\Roaming\exectt.exe ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011-12-04 20:32:44 | 000,000,000 
| ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Acreon [2013-04-25 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Amazon [2012-11-22 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\blekko [2013-06-18 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln [2012-12-27 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ControlCenter4 [2011-11-18 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DAEMON Tools Lite [2011-12-28 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\DesktopIconForAmazon [2012-09-11 15:33:52 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\HTC [2013-05-25 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\ICQ [2011-11-18 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Leadertech [2012-12-26 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\noteMaNIA [2013-01-20 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Nuance [2011-12-28 23:13:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OCS [2011-11-18 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\OpenOffice.org [2011-12-28 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Opera [2011-12-10 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\PunkBuster [2013-02-05 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\smc [2011-11-18 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Thunderbird [2013-06-18 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TS3Client [2013-01-20 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\TuneUp Software [2013-01-20 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\DaVinci\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |
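The Run-key entries in the OTL log above (the O4 lines, in particular the two HKCU entries that point into AppData\Roaming and the _run.bat under ProgramData) are the first thing a helper looks at in such a log, and FRST prints the same information as HKCU\...\Run lines with a file size and file date appended. The script below is an added example written for this page; it is not part of OTL, FRST or anything posted in the thread. It parses both line shapes and applies a few triage heuristics of my own (user-writable location, missing publisher string, script autorun, vowel-less folder or file names, a file date before the year 2000). The sample lines are constructed copies modelled on entries in this thread's logs, and nothing here touches the files on disk.

```python
"""Triage of Run-key (autorun) lines from OTL and FRST logs.
Added example for this thread; not part of OTL, FRST or the original posts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# OTL shape:  O4 - HKCU..\Run: [name] C:\path\file.exe (Company)
OTL_RUN = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<cmd>.+?) \((?P<company>[^()]*)\)\s*$')
# FRST shape: HKCU\...\Run: [name] "C:\path\file.exe" -arg [size yyyy-mm-dd] (Company)
FRST_RUN = re.compile(
    r'^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<cmd>.+?) \[(?P<size>\d+) (?P<year>\d{4})-\d{2}-\d{2}\] \((?P<company>[^()]*)\)\s*$')
# First executable in the command line, quoted or not, arguments dropped.
EXE_IN_CMD = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|bat|cmd|vbs|js|dll))"?(?:\s|$)', re.I)

USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')
SCRIPT_EXT = ('bat', 'cmd', 'vbs', 'js')
VOWELS = set('aeiou')


@dataclass
class RunEntry:
    source: str                  # 'OTL' or 'FRST'
    hive: str
    name: str
    exe: str
    company: str
    year: Optional[int] = None   # FRST file date year; OTL O4 lines carry none
    flags: List[str] = field(default_factory=list)


def looks_random(token: str) -> bool:
    """True for long alphabetic tokens with almost no vowels, e.g. 'Ckfgfzgjbln'."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one OTL O4 or FRST Run line; return None for anything else."""
    for source, pattern in (('OTL', OTL_RUN), ('FRST', FRST_RUN)):
        m = pattern.match(line.strip())
        if not m:
            continue
        exe_m = EXE_IN_CMD.match(m.group('cmd'))
        exe = exe_m.group('exe') if exe_m else m.group('cmd')
        year = int(m.group('year')) if source == 'FRST' else None
        return RunEntry(source, m.group('hive'), m.group('name'), exe, m.group('company'), year)
    return None


def assess(entry: RunEntry) -> List[str]:
    """Heuristic flags (author's own); each means 'look closer', not 'malware'."""
    flags = []
    exe_l = entry.exe.lower()
    if any(s in exe_l for s in USER_WRITABLE):
        flags.append('user-writable location')      # dropped without admin rights
    if not entry.company.strip():
        flags.append('no publisher')                 # binary carries no version info
    if exe_l.rsplit('.', 1)[-1] in SCRIPT_EXT:
        flags.append('script autorun')
    # Look at the parent folder and the file stem for generated-looking names.
    parts = entry.exe.split('\\')[-2:]
    if any(looks_random(p.rsplit('.', 1)[0]) for p in parts):
        flags.append('random-looking name')
    if entry.year is not None and entry.year < 2000:
        flags.append('bogus timestamp')              # predates Windows: zeroed or stomped
    return flags


def triage(lines) -> List[RunEntry]:
    """Return only the Run entries that raised at least one flag."""
    hits = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        entry.flags = assess(entry)
        if entry.flags:
            hits.append(entry)
    return hits


# Constructed sample input, shaped like entries in this thread's logs.
SAMPLE_LINES = [
    r'O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)',
    r'O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)',
    r'O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()',
    r'O4 - HKCU..\Run: [exectt] C:\Users\DaVinci\AppData\Roaming\exectt.exe ()',
    r'O4 - HKCU..\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe (CJSC "Computing Forces")',
    r'HKCU\...\Run: [exectt] "C:\Users\DaVinci\AppData\Roaming\exectt.exe" -autorun [242176 1693-10-01] ()',
    r'HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)',
]

if __name__ == '__main__':
    for e in triage(SAMPLE_LINES):
        print(f'{e.source:<4} {e.hive:<5} [{e.name}] {e.exe}')
        print(f'      -> {", ".join(e.flags)}')
```

Every flag is a reason to inspect the file (hash it, check its signature, look at its strings), not a verdict: legitimate software also installs under ProgramData, and an empty company string only means the binary has no version resource. A file date of 1601-01-01 is what a zero FILETIME renders as, so any date from before the operating system existed deserves a look; the two Microsoft Security Client entries pass all checks and are left out of the output.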
19.06.2013, 12:12 | #2 |
/// the machine /// TB trainer | Trojan:Win32/Matsun, Logs
Hi,
System scan with FRST
Please download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure which: Start > Computer (right-click) > Properties)
20.06.2013, 11:55 | #3 |
| Trojan:Win32/Matsun, Logs
Hello,
here are the requested logs.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013 Ran by DaVinci (administrator) on 20-06-2013 12:46:14 Running from C:\Users\DaVinci\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lavasoft.) 
C:\ProgramData\Search Protection\SearchProtection.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Ocs_SM] C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-12-28] (OCS) HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2008-01-18] (Saitek) HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-01-18] (Saitek) HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [352256 2008-01-18] (Saitek) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) 
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces") HKCU\...\Run: [exectt] "C:\Users\DaVinci\AppData\Roaming\exectt.exe" -autorun [242176 1693-10-01] () HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-11-16] (Lavasoft) HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [172 2012-11-22] () HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.) HKU\UpdatusUser\...\Run: [zASRockInstantBoot] [x] HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation) HKU\UpdatusUser\...\Run: [CTRegRun] C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd ) HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x] HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [x] HKU\UpdatusUser\...\RunOnce: [InetReg] "C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 [x] IMEO\sbrnpcie.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com URLSearchHook: (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File SearchScopes: HKCU - {0DFC1506-A213-4AD2-BF3A-B7D16AB1661F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {31631685-EB30-4952-9C62-13C32BF15F47} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {32F517FE-A623-422E-85CD-115A391E411F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q={searchTerms} SearchScopes: HKCU - {758F30B4-EDAE-414B-9ADB-70A79CDD2A0D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {FA0A1C98-1314-410E-BBFC-5BE29AF51A60} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default FF Homepage: hxxp://www.google.de/ FF Keyword.URL: 
hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: FireJump - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump@firejump.net FF Extension: Lavasoft Search Plugin - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Gutscheinrausch.de - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\mail@gutscheinrausch.de FF Extension: Ad-Aware Security Add-on - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump_1027.zip FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==================== Services (Whitelisted) ================= R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-10] () R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) 
S4 SearchAnonymizer; C:\Users\DaVinci\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-12-28] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== S3 DFU; C:\Windows\System32\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL) S3 DFU; C:\Windows\SysWow64\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-22] (GFI Software) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-02-18] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-02-18] (Saitek) S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 cthda; system32\drivers\cthda.sys [x] U3 JavaQuickStarterService; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST 2013-06-20 12:44 - 2013-06-20 12:44 - 01929572 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe 2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log 2013-06-19 12:00 - 2013-06-19 12:09 - 00010266 ____A C:\Users\DaVinci\Desktop\trojaner.odt 2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt 2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt 2013-06-19 11:52 - 2013-06-19 12:15 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log 2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable 2013-06-19 11:44 - 2013-06-19 11:44 - 00025206 ____A C:\Users\DaVinci\Desktop\SystemScan.odt 2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe 2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe 2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe 2013-06-18 10:51 - 2013-06-20 12:38 - 00001223 ____A C:\Windows\setupact.log 2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00002102 ____A C:\Windows\PFRO.log 2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log 2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln 2013-06-17 12:59 - 2013-06-08 16:08 - 01365504 ____A (Microsoft 
Corporation) C:\Windows\System32\urlmon.dll 2013-06-17 12:59 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-17 12:59 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-17 12:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-17 12:59 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-17 12:59 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 
2013-06-17 12:59 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-17 12:59 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-17 12:59 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-17 12:59 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-17 12:59 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-17 12:59 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-17 12:55 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-17 12:55 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-17 12:55 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-17 12:55 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-17 12:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-17 12:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-17 
12:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-17 12:55 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-17 12:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-17 12:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-17 12:55 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-17 12:55 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-17 12:55 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-17 12:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-17 12:55 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-17 12:55 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-17 12:55 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-16 20:55 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-16 20:55 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-02 19:19 - 2013-06-02 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-30 16:23 - 2013-06-18 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-25 18:56 - 2013-05-25 19:06 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe 2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) 
C:\Users\DaVinci\Downloads\SkypeSetup(1).exe ==================== One Month Modified Files and Folders ======= 2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST 2013-06-20 12:45 - 2011-11-19 02:08 - 00664618 ____A C:\Windows\System32\perfh007.dat 2013-06-20 12:45 - 2011-11-19 02:08 - 00134786 ____A C:\Windows\System32\perfc007.dat 2013-06-20 12:45 - 2009-07-14 07:13 - 01527550 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-20 12:45 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-20 12:45 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-20 12:44 - 2013-06-20 12:44 - 01929572 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe 2013-06-20 12:42 - 2011-11-18 17:17 - 01657750 ____A C:\Windows\WindowsUpdate.log 2013-06-20 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-20 12:38 - 2013-06-18 10:51 - 00001223 ____A C:\Windows\setupact.log 2013-06-20 12:38 - 2011-11-18 18:14 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-20 12:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log 2013-06-19 12:15 - 2013-06-19 11:52 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log 2013-06-19 12:09 - 2013-06-19 12:00 - 00010266 ____A C:\Users\DaVinci\Desktop\trojaner.odt 2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt 2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt 2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable 2013-06-19 11:52 - 2011-11-18 17:17 - 00000000 ____D C:\users\DaVinci 2013-06-19 11:44 - 2013-06-19 11:44 - 00025206 ____A C:\Users\DaVinci\Desktop\SystemScan.odt 2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A 
C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe 2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe 2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe 2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00002102 ____A C:\Windows\PFRO.log 2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log 2013-06-18 10:43 - 2013-05-30 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-18 10:41 - 2012-02-03 20:26 - 00000000 ____D C:\Program Files (x86)\Creative 2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\ProgramData\Creative 2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\Program Files\Creative 2013-06-18 10:40 - 2012-02-03 20:27 - 00000051 __RAH C:\Windows\ctfile.rfc 2013-06-18 10:18 - 2012-04-09 13:14 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\TS3Client 2013-06-18 10:18 - 2011-11-19 02:10 - 00000000 ____D C:\Windows\Panther 2013-06-18 10:18 - 2011-11-18 18:59 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln 2013-06-17 13:00 - 2011-11-21 21:54 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-17 11:42 - 2012-06-26 22:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-17 11:42 - 2011-11-18 17:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-08 16:08 - 2013-06-17 12:59 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-17 12:59 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-17 12:59 - 15404544 ____A (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-17 12:59 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-17 12:59 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-17 12:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-17 12:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-17 12:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-17 12:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-17 12:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-05 11:59 - 2012-05-10 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-06-02 19:22 - 2013-06-02 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-25 20:09 - 2012-11-15 14:08 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Skype 2013-05-25 19:06 - 2013-05-25 18:56 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe 2013-05-25 18:59 - 2011-11-18 22:12 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\ICQ 2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-25 18:56 - 2012-11-15 14:08 - 00000000 ____D C:\ProgramData\Skype 2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) 
C:\Users\DaVinci\Downloads\SkypeSetup(1).exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-16 13:06 ==================== End Of Log ============================ --- --- --- [/CODE] Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 Ran by DaVinci at 2013-06-20 12:46:32 Run: Running from C:\Users\DaVinci\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Ad-Aware Security Add-on (Version: 2.2.0.17) Adobe AIR (Version: 2.5.1.17730) Adobe Flash Player 11 ActiveX (Version: 11.6.602.168) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.5) - Deutsch (Version: 10.1.5) Adobe Shockwave Player 11.6 (Version: 11.6.1.629) Advertising Center (Version: 0.0.0.1) Allgemeine Runtime Files (x86) (Version: 1.0.3.2) Amazon Kindle ASRock InstantBoot v1.26 Assassin's Creed Revelations (Version: 1.01) BioShock Infinite Brother MFL-Pro Suite DCP-7055 (Version: 1.0.7.0) CCleaner (Version: 3.12) Counter-Strike: Global Offensive Creative Systeminformationen (Version: 1.10) Day of Defeat Deathmatch Classic Desktop Icon für Amazon (Version: 1.0.1 (de)) Dishonored (Version: 1.0) Dolby Digital Live Pack (Version: 3.03) DolbyFiles (Version: 2.0) Dragon Age II (Version: 1.04) Dragon Age: Origins (Version: 1.00) eReg (Version: 1.20.138.34) Etron USB3.0 Host Controller (Version: 0.96) FireJump 1.0.1.8 (Version: 1.0.1.8) GutscheinRausch.de - AddOn für Firefox (Version: 2.81) Half-Life: Blue Shift Half-Life: Opposing Force HTC Driver Installer (Version: 3.0.0.006) HTC Sync (Version: 3.0.5527) ICQ7.7 (Version: 7.7) ImagXpress (Version: 7.0.74.0) Intel(R) Management Engine Components (Version: 7.0.0.1144) Java 7 Update 11 (Version: 7.0.110) Java Auto Updater (Version: 2.1.9.0) Java(TM) 6 Update 27 (Version: 6.0.270) Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290) Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40) JavaFX 2.1.1 (Version: 2.1.1) Logitech SetPoint 6.32 (Version: 6.32.20) maxdome Download Manager 4.1.300.78 (Version: 4.1.30078) Menu Templates - Starter Kit (Version: 9.4.2.0) Microsoft .NET Framework 1.1 German 
Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 1.1 SP1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Security Client (Version: 4.2.0223.1) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 4.2.223.1) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 17.0.6) Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser 
(KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nero BurnRights (Version: 3.4.10.100) Nero DiscSpeed (Version: 5.4.10.100) Nero DriveSpeed (Version: 4.4.10.100) Nero InfoTool (Version: 6.4.10.100) Nero Installer (Version: 4.4.8.1) Nero StartSmart (Version: 9.4.11.100) NeroBurningROM (Version: 9.4.13.100) NeroExpress (Version: 9.4.13.100) neroxml (Version: 1.0.0) NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (Version: 9.11.1111) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.3 (Version: 3.3.9567) PaperPort Image Printer 64-bit (Version: 1.00.0001) PunkBuster Services (Version: 0.991) Rayman Origins (Version: 1.02) Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010) Realtek High Definition Audio Driver (Version: 6.0.1.6167) Ricochet Saitek Cyborg Keyboard Volume 6.2.1.3 (Version: 6.2.1.3) Saitek SD6 Programming Software 6.2.1.3 (Version: 6.2.1.3) Samsung SSD Magician (Version: 1.2) SearchAnonymizer (Version: 1.0.1 (de)) Skype™ 6.3 (Version: 6.3.107) Sound Blaster Recon3D PCIe (Version: 1.00.07) Spybot - Search & Destroy (Version: 2.0.12) Steam (Version: 1.0.0.0) System Requirements Lab Team Fortress Classic TeamSpeak 3 Client (Version: 3.0.10.1) True - ROCCAT 1.1.0 TuneUp Utilities 2013 (Version: 13.0.3020.2) TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2) TuneUp Utilities Language Pack (de-DE) (Version: 9.0.6030.1) Ubisoft Game Launcher (Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 
Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) VLC media player 1.1.11 (Version: 1.1.11) World of Warcraft ==================== Restore Points ========================= 18-06-2013 08:40:52 Entfernt Host OpenAL ==================== Scheduled Tasks (whitelisted) ============= Task: {160EB9A1-34C2-4EDB-8593-F477858276F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {2CAB5863-30BB-4FFB-BB14-ECB277AC09AB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation) Task: {30B7400E-E04F-4025-8342-DFEC7B118A93} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {363552DC-4F26-4989-BA08-092CE552CF9A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software) Task: {472C8353-AB91-47EE-8E7C-BA0461A4C4D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {47AEFD34-857E-4612-BC6B-ADF257CEAFE3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {4A8F3393-28F5-42DD-B872-65B7DF9B24EB} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) 
Task: {4B773A63-C22A-4028-A7F1-07EE11B5EA26} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated) Task: {6B746E97-9ECA-41D7-9E37-FB7D4291BFA7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {81DF71DB-90FB-4990-B112-2B979F3AFE72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated) Task: {891E8033-18BC-436A-A940-3B71E81F7016} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File Task: {972DAC66-D746-48F7-8C8F-AE4CF357E3DF} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation) Task: {ACC075F7-09A6-4B91-815C-E38545BDAEDB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {EFD3A809-DAD3-4AF1-B14B-69C08B68CEC6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe No File ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/20/2013 00:38:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 00:23:31 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:24:48 PM) (Source: WinMgmt) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:21:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:12:30 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:06:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0x57c Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (06/19/2013 11:59:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 11:53:22 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f957dd Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000155149 ID des fehlerhaften Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 Berichtskennung: nvtray.exe3 Error: (06/19/2013 11:36:30 AM) 
(Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 10:51:28 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/20/2013 00:40:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/20/2013 00:40:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/20/2013 00:35:07 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.153.22.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.2.0223.00 Quellpfad: 4.2.0223.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/20/2013 00:25:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/20/2013 00:25:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/19/2013 00:35:55 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.153.22.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.2.0223.00 Quellpfad: 4.2.0223.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/19/2013 00:26:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/19/2013 00:26:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/19/2013 00:23:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/19/2013 00:23:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Microsoft Office Sessions: ========================= Error: (06/20/2013 00:38:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 00:23:31 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:24:48 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:21:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:12:30 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 00:06:46 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a57c01ce6cd413a7839eC:\Users\DaVinci\Desktop\gmer_2.1.19163.exeC:\Users\DaVinci\Desktop\gmer_2.1.19163.exef2e1f2a7-d8c7-11e2-9858-002522d93037 Error: (06/19/2013 11:59:38 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2013 11:53:22 AM) (Source: Application Error)(User: ) Description: nvtray.exe7.17.13.110650f957ddnvtray.exe7.17.13.110650f957dd400000150000000000155149de401ce6cd0869bb007C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe13309109-d8c6-11e2-939d-002522d93037 Error: (06/19/2013 11:36:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 10:51:28 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-02-22 15:06:30.428 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-22 11:09:20.597 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-20 16:52:01.446 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-20 16:35:42.885 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\wow64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 4078.06 MB Available physical RAM: 2748.91 MB Total Pagefile: 8154.3 MB Available Pagefile: 6739.72 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.02 GB) (Free:20.61 GB) NTFS (Disk=1 Partition=3) Drive d: () (Fixed) (Total:146.48 GB) (Free:146.39 GB) NTFS (Disk=0 Partition=1) Drive e: () (Fixed) (Total:151.6 GB) (Free:108.64 GB) NTFS (Disk=0 Partition=2) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 21B37DF1) Partition 1: (Not Active) - (Size=146 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=152 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 119 GB) (Disk ID: 00000000) Partition: GPT Partition Type ==================== End Of Log ============================ Regards, Sýd |
20.06.2013, 12:21 | #4 | |
/// the machine /// TB-Ausbilder | Trojan:Win32/Matsun, Logs Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
21.06.2013, 11:01 | #5 |
| Trojan:Win32/Matsun, Logs Hello, I closed all programs as instructed, yet Combofix still told me they were active. Neither in the taskbar at the bottom right nor in Task Manager could I find any processes/applications that pointed to Spybot or Security Essentials. Code:
Combofix Logfile: Regards, Sýd |
21.06.2013, 12:55 | #6 |
/// the machine /// TB-Ausbilder | Trojan:Win32/Matsun, Logs Fine. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log file. Any problems left?
22.06.2013, 00:39 | #7
Trojan:Win32/Matsun, Logs
Hello, I followed the instructions, but Security Check apparently did not work; I started it and got the following message:
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
Everything else went without problems; here are the logs:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 21/06/2013 um 22:46:55 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : DaVinci - DAVINCI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DaVinci\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\search protection
Ordner Gelöscht : C:\Users\DaVinci\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\blekko
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\adawaretb
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\DaVinci\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\Software\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\prefs.js

C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3150 octets] - [21/06/2013 22:46:55]

########## EOF - C:\AdwCleaner[S1].txt - [3210 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by DaVinci on 2013-06-21 at 22:54:23,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-236201796-2842626628-2122523665-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\DaVinci\appdata\local\adawarebp"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted the following from C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=7471FD209B2253C56647FE50AE83CEAC");
user_pref("keyword.URL", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=7471FD209B2253C56647FE50AE83CEAC&q=");

Emptied folder: C:\Users\DaVinci\AppData\Roaming\mozilla\firefox\profiles\83k93miq.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-06-21 at 22:56:59,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bf87261f4e45f147a8439898d6541b86
# engine=14129
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-21 11:10:03
# local_time=2013-06-22 01:10:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 50198473 123486053 0 0
# scanned=264764
# found=1
# cleaned=0
# scan_time=7516
sh=F196A2F4E47E9C27F46BFD6509BEF5C8E6FAAC5D ft=1 fh=c71c00118a33948f vn="a variant of Win32/Injector.AIKK trojan" ac=I fn="C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe"
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 02 Ran by DaVinci (administrator) on 22-06-2013 01:24:57 Running from C:\Users\DaVinci\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2008-01-18] (Saitek) HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-01-18] (Saitek) HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [352256 2008-01-18] (Saitek) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces") HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-11-16] (Lavasoft) HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.) 
HKU\UpdatusUser\...\Run: [zASRockInstantBoot] [x] HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation) HKU\UpdatusUser\...\Run: [CTRegRun] C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd ) HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x] HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [x] HKU\UpdatusUser\...\RunOnce: [InetReg] "C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 [x] Startup: C:\Users\DaVinci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {0DFC1506-A213-4AD2-BF3A-B7D16AB1661F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {31631685-EB30-4952-9C62-13C32BF15F47} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {32F517FE-A623-422E-85CD-115A391E411F} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {758F30B4-EDAE-414B-9ADB-70A79CDD2A0D} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {BF792BF7-5417-44B5-BFCB-6AA1BFDD2ABC} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 SearchScopes: HKCU - {FA0A1C98-1314-410E-BBFC-5BE29AF51A60} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6c878d72-68a6-4dc6-a2e5-aa9823738410&pid=icqt&mode=bounce&k=0 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Gutscheinrausch.de - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\mail@gutscheinrausch.de FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\firejump_1027.zip FF Extension: No Name - C:\Users\DaVinci\AppData\Roaming\Mozilla\Firefox\Profiles\83k93miq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==================== Services (Whitelisted) ================= R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-10] () R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) 
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== S3 DFU; C:\Windows\System32\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL) S3 DFU; C:\Windows\SysWow64\drivers\MassDfu.sys [14592 2011-12-11] (Philips PTCL) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-22] (GFI Software) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-02-18] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-02-18] (Saitek) S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 cthda; system32\drivers\cthda.sys [x] U3 JavaQuickStarterService; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-22 01:24 - 2013-06-22 01:24 - 01930924 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe 2013-06-22 01:19 - 2013-06-22 01:19 - 00000041 ____A C:\Users\DaVinci\Desktop\checkup.txt 2013-06-22 01:17 - 2013-06-22 01:17 - 00890839 ____A C:\Users\DaVinci\Desktop\SecurityCheck.exe 2013-06-21 23:00 - 2013-06-21 23:00 - 02347384 ____A (ESET) C:\Users\DaVinci\Desktop\esetsmartinstaller_enu.exe 2013-06-21 22:56 - 2013-06-21 22:56 - 00002429 ____A C:\Users\DaVinci\Desktop\JRT.txt 2013-06-21 22:54 - 2013-06-21 22:54 - 00000000 ____D C:\Windows\ERUNT 2013-06-21 22:53 - 2013-06-21 22:53 - 00000000 ____D C:\JRT 2013-06-21 22:50 - 
2013-06-21 22:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\DaVinci\Desktop\JRT.exe 2013-06-21 22:49 - 2013-06-21 22:49 - 00003273 ____A C:\Users\DaVinci\Desktop\AdwCleaner[S1].txt 2013-06-21 22:46 - 2013-06-21 22:47 - 00003273 ____A C:\AdwCleaner[S1].txt 2013-06-21 22:44 - 2013-06-21 22:45 - 00648201 ____A C:\Users\DaVinci\Desktop\adwcleaner.exe 2013-06-21 11:52 - 2013-06-21 11:52 - 00018752 ____A C:\ComboFix.txt 2013-06-21 11:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-21 11:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-21 11:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-21 11:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-21 11:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-21 11:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-21 11:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-21 11:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-21 11:46 - 2013-06-21 11:52 - 00000000 ____D C:\Qoobox 2013-06-21 11:46 - 2013-06-21 11:51 - 00000000 ____D C:\Windows\erdnt 2013-06-21 11:42 - 2013-06-21 11:42 - 05081922 ____R (Swearware) C:\Users\DaVinci\Desktop\ComboFix.exe 2013-06-20 12:46 - 2013-06-20 12:46 - 00020667 ____A C:\Users\DaVinci\Desktop\Addition.txt 2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST 2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log 2013-06-19 12:00 - 2013-06-20 13:07 - 00010412 ____A C:\Users\DaVinci\Desktop\trojaner.odt 2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt 2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt 2013-06-19 11:52 - 2013-06-19 12:15 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log 2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable 2013-06-19 11:43 - 2013-06-19 
11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe 2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe 2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe 2013-06-18 10:51 - 2013-06-21 22:48 - 00001447 ____A C:\Windows\setupact.log 2013-06-18 10:51 - 2013-06-21 22:42 - 00002654 ____A C:\Windows\PFRO.log 2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log 2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln 2013-06-17 12:59 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-17 12:59 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-17 12:59 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-17 12:59 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-17 12:59 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-17 12:59 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-17 12:59 - 2013-06-08 
13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-17 12:59 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-17 12:59 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-17 12:59 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-17 12:59 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-17 12:59 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-17 12:59 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-17 12:59 - 2013-05-14 14:23 - 00089600 ____A 
(Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-17 12:59 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-17 12:55 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-17 12:55 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-17 12:55 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-17 12:55 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-17 12:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-17 12:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-17 12:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-17 12:55 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-17 12:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-17 12:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-17 12:55 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-17 12:55 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-17 12:55 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-17 12:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-17 12:55 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-17 12:55 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-17 12:55 - 2013-04-01 00:52 - 01887232 
____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-16 20:55 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-16 20:55 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-02 19:19 - 2013-06-02 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-30 16:23 - 2013-06-18 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-25 18:56 - 2013-05-25 19:06 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe 2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe ==================== One Month Modified Files and Folders ======= 2013-06-22 01:24 - 2013-06-22 01:24 - 01930924 ____A (Farbar) C:\Users\DaVinci\Desktop\FRST64.exe 2013-06-22 01:19 - 2013-06-22 01:19 - 00000041 ____A C:\Users\DaVinci\Desktop\checkup.txt 2013-06-22 01:17 - 2013-06-22 01:17 - 00890839 ____A C:\Users\DaVinci\Desktop\SecurityCheck.exe 2013-06-21 23:02 - 2011-11-19 02:08 - 00664618 ____A C:\Windows\System32\perfh007.dat 2013-06-21 23:02 - 2011-11-19 02:08 - 00134786 ____A C:\Windows\System32\perfc007.dat 2013-06-21 23:02 - 2009-07-14 07:13 - 01527550 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-21 23:00 - 2013-06-21 23:00 - 02347384 ____A (ESET) C:\Users\DaVinci\Desktop\esetsmartinstaller_enu.exe 2013-06-21 22:59 - 2011-11-18 17:17 - 01769527 ____A C:\Windows\WindowsUpdate.log 2013-06-21 22:56 - 2013-06-21 22:56 - 00002429 ____A C:\Users\DaVinci\Desktop\JRT.txt 2013-06-21 22:55 - 2009-07-14 06:45 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-21 22:55 - 2009-07-14 06:45 - 00025680 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 22:54 - 2013-06-21 22:54 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 22:53 - 2013-06-21 22:53 - 00000000 ____D C:\JRT
2013-06-21 22:50 - 2013-06-21 22:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\DaVinci\Desktop\JRT.exe
2013-06-21 22:49 - 2013-06-21 22:49 - 00003273 ____A C:\Users\DaVinci\Desktop\AdwCleaner[S1].txt
2013-06-21 22:48 - 2013-06-18 10:51 - 00001447 ____A C:\Windows\setupact.log
2013-06-21 22:48 - 2011-11-18 18:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-21 22:48 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 22:47 - 2013-06-21 22:46 - 00003273 ____A C:\AdwCleaner[S1].txt
2013-06-21 22:45 - 2013-06-21 22:44 - 00648201 ____A C:\Users\DaVinci\Desktop\adwcleaner.exe
2013-06-21 22:42 - 2013-06-18 10:51 - 00002654 ____A C:\Windows\PFRO.log
2013-06-21 11:52 - 2013-06-21 11:52 - 00018752 ____A C:\ComboFix.txt
2013-06-21 11:52 - 2013-06-21 11:46 - 00000000 ____D C:\Qoobox
2013-06-21 11:51 - 2013-06-21 11:46 - 00000000 ____D C:\Windows\erdnt
2013-06-21 11:51 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-21 11:42 - 2013-06-21 11:42 - 05081922 ____R (Swearware) C:\Users\DaVinci\Desktop\ComboFix.exe
2013-06-20 13:07 - 2013-06-19 12:00 - 00010412 ____A C:\Users\DaVinci\Desktop\trojaner.odt
2013-06-20 12:46 - 2013-06-20 12:46 - 00020667 ____A C:\Users\DaVinci\Desktop\Addition.txt
2013-06-20 12:45 - 2013-06-20 12:45 - 00000000 ____D C:\FRST
2013-06-20 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-19 12:16 - 2013-06-19 12:16 - 00008262 ____A C:\Users\DaVinci\Desktop\Gmer.log
2013-06-19 12:15 - 2013-06-19 11:52 - 00000476 ____A C:\Users\DaVinci\Desktop\defogger_disable.log
2013-06-19 11:57 - 2013-06-19 11:57 - 00076934 ____A C:\Users\DaVinci\Desktop\Extras.Txt
2013-06-19 11:56 - 2013-06-19 11:56 - 00074876 ____A C:\Users\DaVinci\Desktop\OTL.Txt
2013-06-19 11:52 - 2013-06-19 11:52 - 00000000 ____A C:\Users\DaVinci\defogger_reenable
2013-06-19 11:52 - 2011-11-18 17:17 - 00000000 ____D C:\users\DaVinci
2013-06-19 11:43 - 2013-06-19 11:43 - 00377856 ____A C:\Users\DaVinci\Desktop\gmer_2.1.19163.exe
2013-06-19 11:42 - 2013-06-19 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\DaVinci\Desktop\OTL.exe
2013-06-19 11:41 - 2013-06-19 11:41 - 00050477 ____A C:\Users\DaVinci\Desktop\Defogger.exe
2013-06-18 10:51 - 2013-06-18 10:51 - 00294344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00064152 ____A C:\Users\DaVinci\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 10:51 - 2013-06-18 10:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-18 10:43 - 2013-05-30 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-18 10:41 - 2012-02-03 20:26 - 00000000 ____D C:\Program Files (x86)\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\ProgramData\Creative
2013-06-18 10:40 - 2012-02-03 20:28 - 00000000 ____D C:\Program Files\Creative
2013-06-18 10:40 - 2012-02-03 20:27 - 00000051 __RAH C:\Windows\ctfile.rfc
2013-06-18 10:18 - 2012-04-09 13:14 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\TS3Client
2013-06-18 10:18 - 2011-11-19 02:10 - 00000000 ____D C:\Windows\Panther
2013-06-18 10:18 - 2011-11-18 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
2013-06-17 13:00 - 2011-11-21 21:54 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-17 11:42 - 2012-06-26 22:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 11:42 - 2011-11-18 17:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 16:08 - 2013-06-17 12:59 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-17 12:59 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-17 12:59 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-17 12:59 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-17 12:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-17 12:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 11:59 - 2012-05-10 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-02 19:22 - 2013-06-02 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-25 20:09 - 2012-11-15 14:08 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Skype
2013-05-25 19:06 - 2013-05-25 18:56 - 228075456 ____A (NVIDIA Corporation) C:\Users\DaVinci\Downloads\320.18-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-05-25 18:59 - 2011-11-18 22:12 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\ICQ
2013-05-25 18:56 - 2013-05-25 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 18:56 - 2012-11-15 14:08 - 00000000 ____D C:\ProgramData\Skype
2013-05-25 18:55 - 2013-05-25 18:55 - 01337448 ____A (Skype Technologies S.A.) C:\Users\DaVinci\Downloads\SkypeSetup(1).exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-16 13:06
==================== End Of Log ============================
Regards, Sýd |
22.06.2013, 13:02 | #8 |
/// the machine /// TB-Ausbilder | Trojan:Win32/Matsun, Logs Hi, SecurityCheck sometimes acts up, no problem. Fix with FRST: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln
HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")
Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
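The fix above rests on a judgement call: a freshly created folder under AppData\Roaming with a random-looking name, and an HKCU Run entry pointing into it. As an added example (not FRST's own code and not from anyone in this thread), the script below parses the two FRST line shapes seen in this thread and encodes that judgement as a repeatable triage check; the sample lines are constructed from the shapes in the thread's logs, and the vowel-ratio heuristic is an assumption of this example.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "created modified size attrs company path")
RunEntry = namedtuple("RunEntry", "name path size date company")

# "created - modified - size attrs (company) path", as in the FRST file listing
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d{8,}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$")
# "HKCU\...\Run: [name] path [size date] (company)", as in the fixlist
RUN_RE = re.compile(
    r"^HKCU\\\.\.\.\\Run: \[([^\]]+)\] (.+?) \[(\d+) (\d{4}-\d\d-\d\d)\]"
    r"(?: \((.*)\))?$")

def parse_line(line):
    """Return an Entry, a RunEntry, or None for lines of another shape."""
    m = FILE_RE.match(line.strip())
    if m:
        created, modified, size, attrs, company, path = m.groups()
        return Entry(created, modified, int(size), attrs, company, path)
    m = RUN_RE.match(line.strip())
    if m:
        name, path, size, date, company = m.groups()
        return RunEntry(name, path, int(size), date, company)
    return None

def looks_generated(name):
    """Heuristic (assumed here): letters only, 6+ chars, almost no vowels."""
    if len(name) < 6 or not name.isalpha():
        return False
    return sum(ch in "aeiouAEIOU" for ch in name) / len(name) < 0.2

def roaming_folder(path):
    """First folder below \\AppData\\Roaming\\ in the path, or None."""
    m = re.search(r"\\AppData\\Roaming\\([^\\]+)", path, re.IGNORECASE)
    return m.group(1) if m else None

def flag(line):
    """Reason string if the line deserves a look, else None."""
    item = parse_line(line)
    folder = roaming_folder(item.path) if item else None
    if folder and looks_generated(folder):
        kind = "autostart" if isinstance(item, RunEntry) else "file"
        return f"{kind}: generated-looking folder {folder!r} in {item.path}"
    return None

def triage(lines):
    """(line, reason) pairs for every flagged line, in log order."""
    return [(ln, r) for ln in lines if (r := flag(ln))]

SAMPLE = [  # constructed from line shapes in this thread's logs
    r"2013-06-18 10:13 - 2013-06-18 10:13 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln",
    r"2013-06-18 10:18 - 2012-04-09 13:14 - 00000000 ____D C:\Users\DaVinci\AppData\Roaming\TS3Client",
    r'HKCU\...\Run: [jrtecxbt] C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln\gauigcxbt.exe [122368 2013-06-19] (CJSC "Computing Forces")',
]
```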
22.06.2013, 18:23 | #9 |
| Trojan:Win32/Matsun, Logs Hello, here is the fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013
Ran by DaVinci at 2013-06-22 19:15:55 Run:1
Running from C:\Users\DaVinci\Desktop
Boot Mode: Normal
==============================================
C:\Users\DaVinci\AppData\Roaming\Ckfgfzgjbln => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\jrtecxbt => Value not found.
==== End of Fixlog ====
Or does the sentence "Value not found" in the log indicate that I messed something up?^^ Regards, Sýd |
22.06.2013, 18:56 | #10 |
/// the machine /// TB-Ausbilder | Trojan:Win32/Matsun, Logs Nope, all good, and we're done. The order here is crucial.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
22.06.2013, 20:29 | #11 |
| Trojan:Win32/Matsun, Logs Hello, everything is done so far, and at this point a huge thank you!! I was a bit sceptical at first, since I have seen in various forums that people are more likely to be made fools of than actually helped. Here, however, I was very positively surprised, both by the prompt answers and the professional tips and instructions, and by the fact that you run all of this free of charge, as I have read. You do not find that often these days. You have saved me a lot of work, and so I will support you with a small donation! Should I ever meet someone whose computer has caught something, I will recommend you straight away!! Even though it would be deserved, I cannot think of any more words of praise. In closing, I do have one more question. Please do not take it as an insult; you have proven your professionalism more than enough. But since I access all my important data (bank etc.) from this computer, I would like to ask once more, precisely: Can I now use all passwords, PINs & co. again without hesitation? (Provided, of course, that I do not make another stupid mistake) With kindest regards and best thanks to the whole team, whether helped or not, Sýdnaý |
23.06.2013, 08:54 | #12 |
/// the machine /// TB-Ausbilder | Trojan:Win32/Matsun, Logs You can. I would change passwords in general; with online banking I would be careful even on a brand-new system, depending on how you do it. I recommend at least ChipTAN. And you're welcome.
__________________ Regards, schrauber |