|
Log-Analyse und Auswertung: Merkwürdige Datei auf der Festplatte gefunden "END"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.07.2013, 02:52 | #1 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hallo liebes Trojaner-Board, leider habe ich auf meiner Festplatte eine merkwürdige Datei gefunden. Wenn ich meine Festplatte öffne, sieht alles ganz normal aus, allerdings ist dort eine Datei die mir verdächtig vorkommt. Sie heißt "END" und ist 9 Byte groß. Das Erstellungsdatum war laut Windows am 26.5.2013. Nun weiß ich nicht wirklich was ich machen soll. Was ist das für eine Datei? Ist sie schädlich? Wie entferne ich sie? Bisher habe ich sie nur als Textdatei geöffnet, dann ist folgendes zu lesen:"ConduitOK". Der PC läuft bisher übrigens ganz normal, es gibt keine Beschwerden. OTL: OTL logfile created on: 07.07.2013 02:49:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tristan\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,36% Memory free 15,93 Gb Paging File | 14,09 Gb Available in Paging File | 88,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 290,90 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: TRISTAN-PC | User Name: Tristan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.07 02:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe PRC - [2013.06.26 12:14:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.26 12:13:57 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.26 12:13:57 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.14 02:25:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.04.13 21:32:45 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe PRC - [2013.04.03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2013.04.03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe ========== Modules (No Company Name) ========== MOD - [2013.05.15 16:27:54 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013.05.15 16:27:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 16:27:40 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013.05.15 16:27:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.15 16:27:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll MOD - [2013.04.16 09:39:29 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll MOD - [2013.04.15 17:12:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll MOD - [2013.04.15 17:12:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.04.15 17:12:17 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll MOD - [2013.04.15 17:12:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.04.15 17:12:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.04.15 17:12:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.04.15 17:12:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.26 12:14:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.26 12:13:57 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.21 01:05:50 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.14 02:25:44 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.04.03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.05.24 09:16:54 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.07.07 02:40:39 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013.07.07 01:54:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2013.05.26 20:26:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.05.26 20:21:41 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2013.04.13 21:32:45 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.01.03 10:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.05.21 06:04:18 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AE EC 3F 87 38 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{4C8F3E2C-A122-408a-86C4-059AC1EC6A12}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - Extension: Google Docs = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SciLor's Grooveshark(tm) Unlocker = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0\ CHR - Extension: AdBlock = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: Google Mail = C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [zASRockInstantBoot] File not found O4 - Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.188.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75DAE2F7-FB78-476B-9338-9541D2050005}: DhcpNameServer = 192.168.188.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f8903caf-a3d5-11e2-a287-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8903caf-a3d5-11e2-a287-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.07.07 02:47:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe [2013.07.07 01:54:30 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.07 01:54:30 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Roaming\Spyware Terminator [2013.07.07 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.07.07 01:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.07.07 01:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013.06.23 10:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.21 19:41:16 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Roaming\LolClient [2013.06.21 18:57:37 | 000,000,000 | ---D | C] -- C:\Riot Games [2013.06.21 18:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends [2013.06.21 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Local\PMB Files [2013.06.21 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.06.21 18:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.06.21 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\Tristan\.swt [2013.06.14 15:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.06.14 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.06.14 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.06.14 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.06.14 15:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.06.14 15:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.06.14 15:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.06.14 15:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.06.14 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.06.14 15:28:56 | 000,000,000 | ---D | C] -- C:\Fraps [2013.06.13 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Tristan\AppData\Local\IW4M [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.07 02:48:43 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 02:48:43 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 02:47:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristan\Desktop\OTL.exe [2013.07.07 02:46:51 | 000,000,168 | ---- | M] () -- C:\Users\Tristan\defogger_reenable [2013.07.07 02:40:39 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.07.07 02:40:39 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.07.07 02:40:35 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.07 02:40:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.07 02:40:25 | 2118,393,855 | -HS- | M] () -- C:\hiberfil.sys [2013.07.07 01:54:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.07.07 01:32:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.05 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.07.03 23:30:07 | 000,001,354 | ---- | M] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013.06.26 12:14:13 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.24 15:05:07 | 000,001,166 | ---- | M] () -- C:\Users\Tristan\Desktop\CoreTemp.ini [2013.06.23 15:11:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.23 15:11:13 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.23 15:11:13 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.23 15:11:13 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.23 15:11:13 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.22 12:51:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.06.22 12:51:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.06.22 12:51:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.06.21 19:01:39 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2013.06.21 18:33:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.12 17:12:13 | 000,010,550 | ---- | M] () -- C:\Users\Tristan\Desktop\battlefield_3_premium_key_14000763_F6S2CPSM.jpg [2013.06.12 17:12:03 | 000,012,110 | ---- | M] () -- C:\Users\Tristan\Desktop\battlefield_3_key_multiplayer_head_start_kit_key_42592210_XJJNYMTU.jpg [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.07 02:46:51 | 000,000,168 | ---- | C] () -- C:\Users\Tristan\defogger_reenable [2013.07.03 23:29:51 | 000,001,354 | ---- | C] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013.06.21 19:01:39 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2013.06.13 00:28:25 | 000,001,120 | ---- | C] () -- C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play IW4M (Modern Warfare 2).lnk [2013.06.12 17:12:13 | 000,010,550 | ---- | C] () -- C:\Users\Tristan\Desktop\battlefield_3_premium_key_14000763_F6S2CPSM.jpg [2013.06.12 17:12:03 | 000,012,110 | ---- | C] () -- C:\Users\Tristan\Desktop\battlefield_3_key_multiplayer_head_start_kit_key_42592210_XJJNYMTU.jpg [2013.04.14 01:24:42 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.04.14 01:24:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.04.13 22:45:32 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.13 22:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.13 21:34:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2013.04.13 21:34:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2013.04.13 21:34:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2013.04.13 21:34:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.04.13 21:34:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.04.13 21:32:51 | 000,000,003 | ---- | C] () -- C:\Users\Tristan\AppData\Local\user_data.ini [2013.04.13 21:24:59 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2013.04.13 21:24:59 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.04.13 21:24:59 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013.04.13 21:24:59 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\DAEMON Tools Lite [2013.04.16 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\DeviceVm [2013.05.06 00:37:50 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Leadertech [2013.06.21 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\LolClient [2013.05.26 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\OpenCandy [2013.04.26 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\OpenOffice.org [2013.06.08 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Origin [2013.07.07 01:54:30 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\Spyware Terminator [2013.04.29 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\The Creative Assembly [2013.07.04 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\Tristan\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 07.07.2013 02:49:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tristan\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,36% Memory free 15,93 Gb Paging File | 14,09 Gb Available in Paging File | 88,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 290,90 Gb Free Space | 62,47% Space Free | Partition Type: NTFS Computer Name: TRISTAN-PC | User Name: Tristan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0276DA22-EFED-4267-AFD3-7EADC03BA1D7}" = lport=57544 | protocol=17 | dir=in | name=pando media booster | "{8AF8EDBD-0C2E-4DB7-872E-FB447AAA6C8B}" = lport=57544 | protocol=6 | dir=in | name=pando media booster | "{CD2E4394-8E53-4243-9CAA-B5E764417A07}" = lport=57544 | protocol=17 | dir=in | name=pando media booster | "{D2AE67BC-3A4D-47D0-9BC4-A9EF8208C524}" = lport=57544 | protocol=6 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{097778E2-7ED0-49F1-A76B-2116B15A0B1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0F28B379-CB8C-42F1-93A5-CB9EA16DD6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{19F43090-2DDC-46A3-9D40-750E3FE7BA65}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{1CF977CA-EEB4-4272-A117-4062DF07DF7D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{21B18E58-A65E-4AE7-8FAA-7B731369A6ED}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{223EA740-23ED-4EFC-AFAD-F61BDAC0A3B2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2A0FA25C-A4CE-46C5-815D-963E9371F145}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{2A29D970-E0C9-4F97-AA4E-5B063C09AA88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{342741C9-8699-4FB8-B470-A409684C5715}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{3B97C120-0145-4347-85B3-9CA10FDFF0DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{3C157466-5625-462A-858A-542320FD6F86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{440EA94A-1D95-4E29-B238-3ADCA9EAC556}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{5B6D6E91-8099-48B2-A7E4-85794C5054BF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{64871FB3-04F7-458B-B5B3-0D35864DE777}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{7121BB76-2044-4080-9E7A-65323C192FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{87DE00C1-2A39-4BE8-8B7F-926BC9AF1CEE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{8ACC5AF1-C978-446C-A887-47CEF7698D43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{92BCFFD3-1FE6-42F5-B9F2-8849A8D0D4EA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9516962C-6142-47F3-BCF0-8EA4999A6AEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{97A16679-E744-4524-A25C-E021825779B0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{9933076B-C4A7-4392-96D7-D3C91F27AF05}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A0C6BC46-870C-4335-87CD-62D98DDFF671}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A0DCD29E-0741-4566-9717-04010D60FAB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A91A1B09-B693-4953-A700-8D00FC0FD427}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{B1808168-CD7A-4A4B-9E09-E647F5E3C3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B5A7672C-A2BF-48B6-B85E-A658CE0F1D78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C0ACF8FC-22FF-486F-B915-97A0CD9C76D1}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{DBC3F649-5FD7-4590-B86B-AA35349180C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{E23BBD37-B2C1-497F-B255-8E3702159FDD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{E33A788C-C971-44EA-BE07-15C52D5BB37C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{E3C6003A-130B-4C88-8015-73AD6EBEA746}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{E81614BA-7B0A-482B-B3C3-AB79F261C4BD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{ED79BE0D-5B85-43AC-A8F4-8617F6F6B390}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{EDE20C98-EA3E-4975-BD44-8894BD789BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{F252B95E-328C-41C1-B433-5A9330FB79D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F7835B36-3CDF-45C1-901B-9C9FD8002DC9}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{FAEF6B7F-8784-42BF-9FE4-ED6680B8770C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{FD8B2538-638F-455D-8F7E-BAE9AB2D60B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "TCP Query User{0747B6E8-D366-4A38-9528-82D31303D31A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{81BFD8CC-C890-4B42-A96E-D2D6AE6AADD7}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{A9C27E02-D316-4B38-BB5B-F382A24A41DC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{B87016D3-56F8-4BDF-9BD4-3AC566649B00}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{BF733011-B984-4703-9A14-5C7282191C7D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{C2C05653-340F-4ABD-9ECE-A88690F37C02}C:\users\tristan\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\tristan\appdata\local\iw4m\iw4m.dat | "TCP Query User{F3AC80CD-6AAB-4A6E-A049-9EDB214B50F7}C:\users\tristan\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\tristan\appdata\local\temp\gw2.exe | "UDP Query User{0703E576-3FCE-4401-8BDA-F01ED8592112}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{160EF2A1-86EE-445E-BFFF-9D5B8540B93C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{57610685-2989-4D65-9E12-F48E0A53560B}C:\users\tristan\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\tristan\appdata\local\temp\gw2.exe | "UDP Query User{935BF5F2-5680-42DD-83DD-A12E537E640F}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | "UDP Query User{AD9B954B-C58F-4EBA-BC56-90CCB8CF4785}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{BB478420-A876-4AA3-A77A-7DAE768A7FBE}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{C0A92CBF-7E4F-4E95-A782-A10A94B6FE6C}C:\users\tristan\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\tristan\appdata\local\iw4m\iw4m.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "XFast LAN" = XFast LAN v6.61 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{09D5819F-0F1A-4480-A112-B5CCA58D9773}_is1" = Darkest Hour "{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian "{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean "{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai "{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese "{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish "{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional "{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish "{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander "{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German "{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English "{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech "{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common "{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.263 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29 "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Lite" = DAEMON Tools Lite "DarthMod Napoleon" = DarthMod Napoleon "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps "Google Chrome" = Google Chrome "Guild Wars" = GUILD WARS "Guild Wars 2" = Guild Wars 2 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 33910" = Arma 2 "Steam App 33930" = Arma 2: Operation Arrowhead "Steam App 34030" = Napoleon: Total War "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "XFastUSB" = XFastUSB ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.07.2013 10:48:00 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003 Description = Error - 06.07.2013 10:49:40 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 13:19:36 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003 Description = Error - 06.07.2013 13:21:16 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 13:39:29 | Computer Name = Tristan-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611, Zeitstempel: 0x5191e7aa Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x4a801f90 ID des fehlerhaften Prozesses: 0xce0 Startzeit der fehlerhaften Anwendung: 0x01ce7a6fb8195003 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 01ec696d-e663-11e2-bb5a-bc5ff465885f Error - 06.07.2013 18:07:58 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003 Description = Error - 06.07.2013 18:09:35 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 20:07:35 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003 Description = Error - 06.07.2013 20:40:39 | Computer Name = Tristan-PC | Source = ISCT Agent | ID = 1003 Description = Error - 06.07.2013 20:42:20 | Computer Name = Tristan-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.07.2013 05:26:20 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.07.2013 06:57:47 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.07.2013 13:30:37 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.07.2013 17:00:24 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 09:31:00 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 10:48:46 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 13:20:25 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 18:08:42 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 20:08:34 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.07.2013 20:41:38 | Computer Name = Tristan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Gmer: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-07 03:27:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST500DM0 rev.1AJ1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Tristan\AppData\Local\Temp\fwdirfoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ad1a22 2 bytes [AD, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ad1ad0 2 bytes [AD, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ad1b08 2 bytes [AD, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ad1bba 2 bytes [AD, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ad1bda 2 bytes [AD, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b21465 2 bytes [B2, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b214bb 2 bytes [B2, 75] .text ... * 2 ---- EOF - GMER 2.1 ---- Da ich mir nicht sicher bin, ob es für euch wichtig ist: Ich habe Antivir nicht so schnell beendet gekriegt, deswegen habe ich es deinstalliert, aber nach dem Scan wieder installiert. Ich entschuldige mich schon mal dafür, dass ich keine Spoiler benutzt habe, irgendwie habe ich es nicht hingekriegt. Ich hoffe ihr könnt mir helfen. Mit freundlichen Grüßen, Semmel |
07.07.2013, 05:42 | #2 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
07.07.2013, 12:22 | #3 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Danke für die schnelle Antwort,
__________________ich habe den Scan durchgeführt und hier sind die Ergebnisse: FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Tristan (administrator) on 07-07-2013 13:18:01 Running from C:\Users\Tristan\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe (Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE (APN) C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVWEBGRD.EXE (Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE (ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE (Microsoft Corporation) C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\MPAS-FE.EXE (Microsoft Corporation) C:\8731FCDFC4A699DAFC296FA430D64B79\MPSIGSTUB.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH) HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.) HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKCU\...\Run: [ASRockXTU] [x] HKCU\...\Run: [zASRockInstantBoot] [x] MountPoints2: {f8903caf-a3d5-11e2-a287-806e6f6e6963} - D:\ASRSetup.exe HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [1558480 2013-07-03] (APN) Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.188.1 FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\19.52819_0 CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0 CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0 CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-20] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-03] (APN LLC.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] () R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] () R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) ==================== Drivers (Whitelisted) ==================== R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Downloads\FRST64.exe 2013-07-07 13:12 - 2013-07-07 13:12 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Mozilla 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\APN 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 01:54 - 2013-07-07 02:07 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps 2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-07 13:18 - 2013-04-13 21:08 - 01964930 ____A C:\Windows\WindowsUpdate.log 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Downloads\FRST64.exe 2013-07-07 13:12 - 2013-07-07 13:12 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 13:12 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-07 13:12 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys 2013-07-07 13:12 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-07 13:12 - 2010-11-21 05:47 - 00636324 ____A C:\Windows\PFRO.log 2013-07-07 13:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 13:12 - 2009-07-14 06:51 - 00044129 ____A C:\Windows\setupact.log 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:38 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 03:38 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Mozilla 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\ProgramData\APN 2013-07-07 03:33 - 2013-07-07 03:33 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan 2013-07-07 02:07 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps 2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-04 17:12 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client 2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd 2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log 2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II 2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-27 23:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini 2013-06-23 15:11 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-06-23 15:11 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-06-23 15:11 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype 2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin 2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin 2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb Files to move or delete: ==================== C:\ProgramData\NTUser.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-29 17:32 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 Ran by Tristan at 2013-07-07 13:18:38 Running from C:\Users\Tristan\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Acrobat.com (x32 Version: 0.0.0) Acrobat.com (x32 Version: 1.1.377) Adobe AIR (x32 Version: 1.0.4990) Adobe AIR (x32 Version: 1.0.8.4990) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169) Adobe Flash Player 11 Plugin (x32 Version: 11.1.102.55) Adobe Reader 9 (x32 Version: 9.0.0) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80328.2204) Arma 2 (x32) Arma 2: Operation Arrowhead (x32) ASRock App Charger v1.0.5 ASRock eXtreme Tuner v0.1.263 (x32) ASRock InstantBoot v1.29 (x32) ASRock SmartConnect v1.0.6 ASRock XFast RAM v2.0.9 Avira Free Antivirus (x32 Version: 13.0.0.3737) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.1.477) Battlefield 3™ (x32 Version: 1.6.0.0) Battlelog Web Plugins (x32 Version: 2.1.7) BattlEye for OA Uninstall (x32) BattlEye Uninstall (x32) Call of Duty: Modern Warfare 2 - Multiplayer (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Darkest Hour (x32) DarthMod Napoleon (x32) DayZ Commander (x32 Version: 0.92.79) eReg (x32 Version: 1.20.138.34) ESN Sonar (x32 Version: 0.70.4) Fraps (x32) Google Chrome (x32 Version: 27.0.1453.116) Google Update Helper (x32 Version: 1.3.21.145) GUILD WARS (x32) Guild Wars 2 (x32) Intel(R) Control Center (x32 Version: 1.2.1.1008) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342) Intel(R) Management Engine Components (x32 Version: 8.0.3.1427) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2761) Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006) Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1083.0) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) League of Legends (x32 Version: 1.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Napoleon: Total War (x32) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Origin (x32 Version: 9.1.15.109) Pando Media Booster (x32 Version: 2.6.0.9) PunkBuster Services (x32 Version: 0.991) Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482) Skype™ 6.5 (x32 Version: 6.5.158) Spyware Terminator 2012 (x32 Version: 3.0.0.82) StarCraft II (x32 Version: 2.0.9.26147) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.10.1) TechPowerUp GPU-Z (x32) THX TruStudio (x32 Version: 1.00.01) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) XFast LAN v6.61 (Version: 6.61) XFastUSB (x32 Version: 3.02.30) ==================== Restore Points ========================= 12-06-2013 18:59:55 Windows Update 21-06-2013 16:57:26 Installiert League of Legends 21-06-2013 23:30:45 Windows Update 23-06-2013 08:41:28 Installed Java 7 Update 25 07-07-2013 11:17:35 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {14361A76-5E8C-41E1-9A4E-4755989D8FCF} - System32\Tasks\{0C42D0AD-27F7-4B46-93E4-5509B00BE365} => C:\program files (x86)\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.) Task: {15A930FC-FE11-4DE6-979F-BFA5474C5ABF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {1795E88E-0BC8-4F2B-933A-D89A46D31623} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {59EAC220-7558-46E2-847E-A1B70E6C2D61} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {891563EA-319C-4398-ADE8-AFAA019214BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.) Task: {8B342C98-1ABC-4ACF-A72B-E8E3471BE1B0} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {92C78106-7278-4B56-8ADC-F9DCCB3A8DAB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B70562EB-9B94-4FA5-9C02-46830C3406F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2013 01:14:06 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 01:12:46 PM) (Source: ISCT Agent) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 03:32:00 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 03:30:19 AM) (Source: ISCT Agent) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 02:42:20 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 02:40:39 AM) (Source: ISCT Agent) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 02:07:35 AM) (Source: ISCT Agent) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 00:09:35 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 00:07:58 AM) (Source: ISCT Agent) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/06/2013 07:39:29 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16611, Zeitstempel: 0x5191e7aa Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x4a801f90 ID des fehlerhaften Prozesses: 0xce0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 System errors: ============= Error: (07/07/2013 01:12:55 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/07/2013 03:30:29 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/07/2013 02:41:38 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/07/2013 02:08:34 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/07/2013 00:08:42 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/06/2013 07:20:25 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/06/2013 04:48:46 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/06/2013 03:31:00 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/05/2013 11:00:24 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/05/2013 07:30:37 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Microsoft Office Sessions: ========================= Error: (07/07/2013 01:14:06 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 01:12:46 PM) (Source: ISCT Agent)(User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 03:32:00 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 03:30:19 AM) (Source: ISCT Agent)(User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 02:42:20 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 02:40:39 AM) (Source: ISCT Agent)(User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 02:07:35 AM) (Source: ISCT Agent)(User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/07/2013 00:09:35 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 00:07:58 AM) (Source: ISCT Agent)(User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (07/06/2013 07:39:29 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.166115191e7aaunknown0.0.0.000000000c00000054a801f90ce001ce7a6fb8195003C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown01ec696d-e663-11e2-bb5a-bc5ff465885f ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8155.01 MB Available physical RAM: 5713.9 MB Total Pagefile: 16308.21 MB Available Pagefile: 13192.86 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:290.36 GB) NTFS (Disk=0 Partition=2) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7F168691) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Semmel |
07.07.2013, 12:54 | #4 | |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END"Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.07.2013, 13:06 | #5 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hallo, hier sind die Ergebnisse: Code:
ATTFilter ComboFix 13-07-07.01 - Tristan 07.07.2013 13:58:58.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8155.5839 [GMT 2:00] ausgeführt von:: c:\users\Tristan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat c:\windows\SysWow64\frapsvid.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-07 bis 2013-07-07 )))))))))))))))))))))))))))))) . . 2013-07-07 12:03 . 2013-07-07 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-07 11:32 . 2013-07-07 11:32 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp 2013-07-07 11:18 . 2013-06-17 00:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4BB747-2987-4D7C-9505-AE146005B5D0}\mpengine.dll 2013-07-07 11:17 . 2013-07-07 11:17 -------- d-----w- C:\FRST 2013-07-07 01:38 . 2013-07-07 01:38 -------- d-----w- c:\users\Tristan\AppData\Roaming\Avira 2013-07-07 01:33 . 2013-07-07 01:33 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-07-07 01:33 . 2013-07-07 01:33 -------- d-----w- c:\programdata\APN 2013-07-07 01:32 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-07-07 01:32 . 2013-06-20 12:48 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-07-07 01:32 . 2013-06-20 12:48 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-07-07 01:32 . 2013-07-07 01:32 -------- d-----w- c:\programdata\Avira 2013-07-07 01:32 . 2013-07-07 01:32 -------- d-----w- c:\program files (x86)\Avira 2013-07-06 23:54 . 2013-07-07 11:32 -------- d-----w- c:\programdata\Spyware Terminator 2013-07-06 23:54 . 2013-07-06 23:54 51496 ----a-w- c:\windows\system32\drivers\stflt.sys 2013-07-06 23:54 . 2013-07-06 23:54 -------- d-----w- c:\users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-06 23:54 . 2013-07-06 23:54 -------- d-----w- c:\program files (x86)\Spyware Terminator 2013-07-03 21:29 . 2013-07-03 21:29 53248 ----a-r- c:\users\Tristan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2013-06-23 08:41 . 2013-06-23 08:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-23 08:41 . 2013-06-23 08:41 -------- d-----w- c:\program files (x86)\Java 2013-06-21 17:41 . 2013-06-21 17:41 -------- d-----w- c:\users\Tristan\AppData\Roaming\LolClient 2013-06-21 17:01 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2013-06-21 17:01 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2013-06-21 17:01 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-06-21 16:57 . 2013-06-21 16:57 -------- d-----w- C:\Riot Games 2013-06-21 16:33 . 2013-06-21 16:46 -------- d-----w- c:\program files (x86)\League of Legends 2013-06-21 16:32 . 2013-06-27 11:21 -------- d-----w- c:\users\Tristan\AppData\Local\PMB Files 2013-06-21 16:32 . 2013-06-27 11:21 -------- d-----w- c:\programdata\PMB Files 2013-06-21 16:32 . 2013-06-21 16:32 -------- d-----w- c:\program files (x86)\Pando Networks 2013-06-21 16:32 . 2013-06-21 16:32 -------- d-----w- c:\users\Tristan\.swt 2013-06-14 13:54 . 2013-06-14 13:54 -------- d-----w- c:\programdata\ATI 2013-06-14 13:54 . 2013-06-14 13:54 -------- d-----w- c:\program files (x86)\AMD AVT 2013-06-14 13:54 . 2013-06-14 13:54 -------- d-----w- c:\program files\Common Files\ATI Technologies 2013-06-14 13:54 . 2013-06-14 13:54 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2013-06-14 13:53 . 2013-06-14 13:53 -------- d-----w- c:\program files (x86)\ATI Technologies 2013-06-14 13:53 . 2013-06-14 13:53 -------- d-----w- c:\program files\ATI 2013-06-14 13:53 . 2013-06-14 13:54 -------- d-----w- c:\program files\ATI Technologies 2013-06-14 13:28 . 2013-06-14 13:34 -------- d-----w- C:\Fraps 2013-06-12 22:28 . 2013-06-12 22:29 -------- d-----w- c:\users\Tristan\AppData\Local\IW4M 2013-06-12 11:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-07 11:32 . 2013-04-13 19:32 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2013-07-03 21:29 . 2013-05-05 22:37 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-06-23 08:41 . 2013-04-14 10:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-23 08:41 . 2013-04-14 10:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-22 10:51 . 2013-04-14 00:13 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-06-22 10:51 . 2013-04-13 23:24 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-06-22 10:51 . 2013-04-13 23:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-06-12 19:01 . 2013-04-13 20:29 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-26 18:26 . 2013-05-26 18:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-05-26 18:21 . 2013-05-26 18:21 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-18 14:10 . 2013-04-18 14:10 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-18 14:10 . 2013-04-17 18:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-14 10:14 . 2013-04-14 10:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-14 10:14 . 2013-04-14 10:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-14 10:14 . 2013-04-14 10:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-14 10:14 . 2013-04-14 10:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-14 10:14 . 2013-04-14 10:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-14 10:14 . 2013-04-14 10:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-14 10:14 . 2013-04-14 10:14 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-14 10:14 . 2013-04-14 10:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-14 10:14 . 2013-04-14 10:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-14 10:14 . 2013-04-14 10:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-14 10:14 . 2013-04-14 10:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-14 10:14 . 2013-04-14 10:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-14 10:14 . 2013-04-14 10:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-14 10:14 . 2013-04-14 10:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-14 10:14 . 2013-04-14 10:14 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-14 10:14 . 2013-04-14 10:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-14 10:14 . 2013-04-14 10:14 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-14 10:14 . 2013-04-14 10:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-14 10:14 . 2013-04-14 10:14 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-14 10:14 . 2013-04-14 10:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-14 10:14 . 2013-04-14 10:14 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-14 10:14 . 2013-04-14 10:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-14 10:14 . 2013-04-14 10:14 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-14 10:14 . 2013-04-14 10:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-14 10:14 . 2013-04-14 10:14 441856 ----a-w- c:\windows\system32\html.iec 2013-04-14 10:14 . 2013-04-14 10:14 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-14 10:14 . 2013-04-14 10:14 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-14 10:14 . 2013-04-14 10:14 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-14 10:14 . 2013-04-14 10:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-14 10:14 . 2013-04-14 10:14 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-14 10:14 . 2013-04-14 10:14 235008 ----a-w- c:\windows\system32\url.dll 2013-04-14 10:14 . 2013-04-14 10:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-14 10:14 . 2013-04-14 10:14 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-14 10:14 . 2013-04-14 10:14 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-14 10:14 . 2013-04-14 10:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-14 10:14 . 2013-04-14 10:14 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-14 10:14 . 2013-04-14 10:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-14 10:14 . 2013-04-14 10:14 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-14 10:14 . 2013-04-14 10:14 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-14 10:14 . 2013-04-14 10:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-14 10:14 . 2013-04-14 10:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-14 10:14 . 2013-04-14 10:14 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-14 10:14 . 2013-04-14 10:14 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-14 10:14 . 2013-04-14 10:14 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-14 10:14 . 2013-04-14 10:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-14 10:14 . 2013-04-14 10:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-14 10:14 . 2013-04-14 10:14 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-14 10:14 . 2013-04-14 10:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-14 10:14 . 2013-04-14 10:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-14 00:25 . 2013-04-13 23:24 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-04-13 19:32 . 2013-04-13 19:32 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS 2013-04-13 05:49 . 2013-05-15 14:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 14:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 14:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 14:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 14:18 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 14:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 13:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 14:18 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 14:18 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 14:18 3153920 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608] "XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-04-13 5019360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-20 345144] . c:\users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x] S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-21 16:32 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 21:20] . 2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 21:20] . 2013-07-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . 2013-07-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-24 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-24 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-24 440128] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624] "SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736] "SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.188.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-ASRockXTU - (no file) Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-07 14:04:30 ComboFix-quarantined-files.txt 2013-07-07 12:04 . Vor Suchlauf: 12 Verzeichnis(se), 311.578.726.400 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 311.705.505.792 Bytes frei . - - End Of File - - 6629E8CBE4C22CD4719E292D5B0DE92A D41D8CD98F00B204E9800998ECF8427E |
07.07.2013, 14:05 | #6 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> Merkwürdige Datei auf der Festplatte gefunden "END" |
07.07.2013, 14:30 | #7 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hallo, ich muss mich erstmal bei dir bedanken, dass du mir so gut und schnell hilfst. Herzlichsten Dank. Hier sind die Logs: Frischer FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Tristan (administrator) on 07-07-2013 15:26:20 Running from C:\Users\Tristan\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe (Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE (Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE (ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH) HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.) HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG) Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.188.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0 CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0 CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] () R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] () R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) ==================== Drivers (Whitelisted) ==================== R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd) S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT 2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe 2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt 2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt 2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe 2013-07-07 15:09 - 2013-07-07 15:18 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt 2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\Qoobox 2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\ComboFix 2013-07-07 13:58 - 2013-07-07 14:03 - 00000000 ____D C:\Windows\erdnt 2013-07-07 13:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-07 13:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-07 13:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe 2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt 2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 01:54 - 2013-07-07 13:32 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps 2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-07 15:25 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 15:25 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT 2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe 2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt 2013-07-07 15:18 - 2013-07-07 15:09 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 15:18 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-07 15:18 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys 2013-07-07 15:18 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-07 15:18 - 2010-11-21 05:47 - 00638070 ____A C:\Windows\PFRO.log 2013-07-07 15:18 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 15:18 - 2009-07-14 06:51 - 00044353 ____A C:\Windows\setupact.log 2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt 2013-07-07 15:17 - 2013-04-13 21:08 - 02010854 ____A C:\Windows\WindowsUpdate.log 2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe 2013-07-07 14:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt 2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\Qoobox 2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\ComboFix 2013-07-07 14:03 - 2013-07-07 13:58 - 00000000 ____D C:\Windows\erdnt 2013-07-07 14:03 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe 2013-07-07 13:32 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt 2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps 2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-04 17:12 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client 2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd 2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log 2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II 2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-27 23:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini 2013-06-23 15:11 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-06-23 15:11 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-06-23 15:11 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype 2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin 2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin 2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-29 17:32 ==================== End Of Log ============================ --- --- --- AdwCleaner: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 07/07/2013 um 15:17:26 erstellt # Aktualisiert am 03/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Tristan - TRISTAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Tristan\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Ordner Gelöscht : C:\ProgramData\APN Ordner Gelöscht : C:\ProgramData\DeviceVM Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\Tristan\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v27.0.1453.116 Datei : C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1072 octets] - [07/07/2013 15:17:26] ########## EOF - C:\AdwCleaner[S1].txt - [1132 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Professional x64 Ran by Tristan on 07.07.2013 at 15:22:21,92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.07.2013 at 15:24:21,31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Semmel |
07.07.2013, 18:28 | #8 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" Supi ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.07.2013, 19:51 | #9 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hallo, hier sind die neuen Logs: Eset Er hat etwas gefunden, ich habe es aber nicht löschen lassen) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c6a1185797c3be439911a1d035a09e9f # engine=14307 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-07 06:41:01 # local_time=2013-07-07 08:41:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 0 238645751 0 0 # compatibility_mode=5893 16776573 100 94 4027 124852311 0 0 # compatibility_mode=7937 16777214 28 75 67583 7436109 0 0 # scanned=218824 # found=1 # cleaned=0 # scan_time=3839 sh=C276A0C648A0D36BD20CE1E5A15F7E863CD315C8 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Tristan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\82QQE5LQ\firstload_com[1].htm" Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spyware Terminator 2012 Java 7 Update 25 Adobe Reader 9 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Tristan (administrator) on 07-07-2013 20:47:51 Running from C:\Users\Tristan\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE (Avira Operations GmbH & Co. KG) C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\PROGRAM FILES\INTEL\INTEL(R) SMART CONNECT TECHNOLOGY AGENT\ISCTAGENT.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (cFos Software GmbH) C:\PROGRAM FILES\ASROCK\XFAST LAN\CFOSSPEED.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (FNet Co., Ltd.) C:\PROGRAM FILES (X86)\XFASTUSB\XFASTUSB.EXE (Creative Technology Ltd) C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO\THXNBSET\THXAUDNB.EXE (Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE (Advanced Micro Devices Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ATI Technologies Inc.) C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE (Google Inc.) C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH) HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.) HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" [5019360 2013-04-13] (FNet Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-20] (Avira Operations GmbH & Co. KG) Startup: C:\Users\Tristan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.188.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Extension: (Google Docs) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SciLor's Grooveshark(tm) Unlocker) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0 CHR Extension: (AdBlock) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0 CHR Extension: (Gmail) - C:\Users\Tristan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-21] () R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-14] () R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) ==================== Drivers (Whitelisted) ==================== R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-26] (DT Soft Ltd) R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-05-26] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-13] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-07-07] (Windows (R) Win 7 DDK provider) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-07-07] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 20:42 - 2013-07-07 20:42 - 00890988 ____A C:\Users\Tristan\Desktop\SecurityCheck.exe 2013-07-07 19:34 - 2013-07-07 19:34 - 02347384 ____A (ESET) C:\Users\Tristan\Downloads\esetsmartinstaller_enu.exe 2013-07-07 17:57 - 2013-07-07 17:57 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT 2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe 2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt 2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt 2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe 2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt 2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\Qoobox 2013-07-07 13:58 - 2013-07-07 14:04 - 00000000 ____D C:\ComboFix 2013-07-07 13:58 - 2013-07-07 14:03 - 00000000 ____D C:\Windows\erdnt 2013-07-07 13:58 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-07 13:58 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-07 13:58 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-07 13:58 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe 2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt 2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:16 - 2013-07-07 13:17 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:32 - 2013-06-20 14:48 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-07-07 03:32 - 2013-06-20 14:48 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-07-07 03:32 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 01:54 - 2013-07-07 13:32 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 01:31 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-22 01:31 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-22 01:31 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-22 01:31 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-22 01:31 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-22 01:31 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-22 01:31 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 19:01 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-06-21 19:01 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:33 - 2013-06-21 18:46 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-21 18:32 - 2013-06-27 13:21 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:53 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:28 - 2013-06-14 15:34 - 00000000 ____D C:\Fraps 2013-06-13 00:28 - 2013-06-13 00:29 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 21:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 21:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 21:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 21:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 13:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 13:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 13:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 13:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 13:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 13:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 13:09 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 13:09 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 13:09 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 13:09 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 13:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 13:09 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-07 20:42 - 2013-07-07 20:42 - 00890988 ____A C:\Users\Tristan\Desktop\SecurityCheck.exe 2013-07-07 20:37 - 2013-04-13 21:08 - 02053339 ____A C:\Windows\WindowsUpdate.log 2013-07-07 20:32 - 2013-04-13 23:20 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-07 19:35 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-07-07 19:35 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-07-07 19:35 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 19:34 - 2013-07-07 19:34 - 02347384 ____A (ESET) C:\Users\Tristan\Downloads\esetsmartinstaller_enu.exe 2013-07-07 19:08 - 2013-04-20 13:47 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Skype 2013-07-07 18:09 - 2013-04-15 11:31 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\TS3Client 2013-07-07 18:05 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 18:05 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 17:57 - 2013-07-07 17:57 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2013-07-07 17:57 - 2013-04-13 23:20 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-07 17:57 - 2013-04-13 21:32 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys 2013-07-07 17:57 - 2013-04-13 21:30 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-07 17:57 - 2010-11-21 05:47 - 00639052 ____A C:\Windows\PFRO.log 2013-07-07 17:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 17:57 - 2009-07-14 06:51 - 00044521 ____A C:\Windows\setupact.log 2013-07-07 15:24 - 2013-07-07 15:24 - 00000627 ____A C:\Users\Tristan\Desktop\JRT.txt 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 15:22 - 2013-07-07 15:22 - 00000000 ____D C:\JRT 2013-07-07 15:21 - 2013-07-07 15:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Tristan\Desktop\JRT.exe 2013-07-07 15:21 - 2013-07-07 15:21 - 00001201 ____A C:\Users\Tristan\Desktop\AdwCleaner[S1].txt 2013-07-07 15:17 - 2013-07-07 15:17 - 00001201 ____A C:\AdwCleaner[S1].txt 2013-07-07 15:16 - 2013-07-07 15:16 - 00650027 ____A C:\Users\Tristan\Desktop\adwcleaner.exe 2013-07-07 14:04 - 2013-07-07 14:04 - 00025238 ____A C:\ComboFix.txt 2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\Qoobox 2013-07-07 14:04 - 2013-07-07 13:58 - 00000000 ____D C:\ComboFix 2013-07-07 14:03 - 2013-07-07 13:58 - 00000000 ____D C:\Windows\erdnt 2013-07-07 14:03 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-07 13:56 - 2013-07-07 13:56 - 05087096 ____R (Swearware) C:\Users\Tristan\Desktop\ComboFix.exe 2013-07-07 13:32 - 2013-07-07 01:54 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-07 13:18 - 2013-07-07 13:18 - 00037549 ____A C:\Users\Tristan\Downloads\FRST.txt 2013-07-07 13:18 - 2013-07-07 13:18 - 00015925 ____A C:\Users\Tristan\Downloads\Addition.txt 2013-07-07 13:17 - 2013-07-07 13:17 - 00000000 ____D C:\FRST 2013-07-07 13:17 - 2013-07-07 13:16 - 01934636 ____A (Farbar) C:\Users\Tristan\Desktop\FRST64.exe 2013-07-07 03:38 - 2013-07-07 03:38 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Avira 2013-07-07 03:33 - 2013-07-07 03:33 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\ProgramData\Avira 2013-07-07 03:32 - 2013-07-07 03:32 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-07 03:27 - 2013-07-07 03:27 - 00001436 ____A C:\Users\Tristan\Desktop\gmer.txt 2013-07-07 03:12 - 2013-07-07 03:12 - 00377856 ____A C:\Users\Tristan\Downloads\gmer_2.1.19163.exe 2013-07-07 03:11 - 2013-07-07 03:11 - 104943936 ____A C:\Users\Tristan\Downloads\avira3737_free_antivirus_de.exe 2013-07-07 02:54 - 2013-07-07 02:54 - 00053338 ____A C:\Users\Tristan\Desktop\Extras.Txt 2013-07-07 02:53 - 2013-07-07 02:53 - 00082074 ____A C:\Users\Tristan\Desktop\OTL.Txt 2013-07-07 02:47 - 2013-07-07 02:47 - 00602112 ____A (OldTimer Tools) C:\Users\Tristan\Desktop\OTL.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00050477 ____A C:\Users\Tristan\Downloads\Defogger.exe 2013-07-07 02:46 - 2013-07-07 02:46 - 00000546 ____A C:\Users\Tristan\Downloads\defogger_disable.log 2013-07-07 02:46 - 2013-07-07 02:46 - 00000168 ____A C:\Users\Tristan\defogger_reenable 2013-07-07 02:46 - 2013-04-13 21:08 - 00000000 ____D C:\users\Tristan 2013-07-07 01:54 - 2013-07-07 01:54 - 05049344 ____A (Crawler.com ) C:\Users\Tristan\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-07 01:54 - 2013-07-07 01:54 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Spyware Terminator 2013-07-07 01:54 - 2013-07-07 01:54 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2013-07-06 22:03 - 2013-04-13 23:25 - 00000000 ____D C:\Program Files (x86)\Origin 2013-07-06 19:39 - 2013-04-29 02:16 - 00000000 ____D C:\Users\Tristan\AppData\Local\CrashDumps 2013-07-06 15:30 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-05 11:51 - 2013-04-13 21:30 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-04 00:27 - 2013-05-06 00:37 - 00038716 ____A C:\Windows\LDPINST.LOG 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logitech 2013-07-04 00:27 - 2013-05-06 00:37 - 00000000 ____D C:\ProgramData\Logishrd 2013-07-03 23:29 - 2013-05-06 00:37 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-07-03 23:29 - 2013-05-06 00:37 - 00001020 ____A C:\Windows\LkmdfCoInst.log 2013-07-01 23:27 - 2013-04-14 11:57 - 00000000 ____D C:\Users\Tristan\Documents\StarCraft II 2013-06-30 19:20 - 2013-04-14 12:31 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\AppData\Local\PMB Files 2013-06-27 13:21 - 2013-06-21 18:32 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 15:05 - 2013-04-14 00:42 - 00001166 ____A C:\Users\Tristan\Desktop\CoreTemp.ini 2013-06-23 10:41 - 2013-06-23 10:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 10:41 - 2013-06-23 10:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 10:41 - 2013-06-23 10:41 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 10:41 - 2013-04-14 12:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 10:41 - 2013-04-14 12:20 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 18:26 - 2013-06-22 18:26 - 141110624 ____A (Advanced Micro Devices, Inc.) C:\Users\Tristan\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe 2013-06-22 12:51 - 2013-04-14 02:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-22 12:51 - 2013-04-14 01:24 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-22 12:51 - 2013-04-14 01:24 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-21 19:41 - 2013-06-21 19:41 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\LolClient 2013-06-21 19:01 - 2013-06-21 19:01 - 00001722 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk 2013-06-21 18:57 - 2013-06-21 18:57 - 00000000 ____D C:\Riot Games 2013-06-21 18:57 - 2013-04-13 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-21 18:46 - 2013-06-21 18:33 - 00000000 ____D C:\Program Files (x86)\League of Legends 2013-06-21 18:33 - 2013-04-13 23:21 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-21 18:32 - 2013-06-21 18:32 - 03461416 ____A C:\Users\Tristan\Downloads\LeagueofLegends.exe 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Users\Tristan\.swt 2013-06-21 18:32 - 2013-06-21 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-21 18:11 - 2013-04-14 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2013-06-21 17:56 - 2013-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 14:48 - 2013-07-07 03:32 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-20 14:48 - 2013-07-07 03:32 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\ProgramData\ATI 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-06-14 15:54 - 2013-06-14 15:54 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-06-14 15:54 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI Technologies 2013-06-14 15:54 - 2013-04-13 21:55 - 00000000 ____D C:\ProgramData\AMD 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files\ATI 2013-06-14 15:53 - 2013-06-14 15:53 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2013-06-14 15:34 - 2013-06-14 15:28 - 00000000 ____D C:\Fraps 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-13 19:00 - 2013-04-20 13:47 - 00000000 ____D C:\ProgramData\Skype 2013-06-13 00:29 - 2013-06-13 00:28 - 00000000 ____D C:\Users\Tristan\AppData\Local\IW4M 2013-06-12 23:10 - 2013-04-13 23:25 - 00000000 ____D C:\ProgramData\Origin 2013-06-12 21:01 - 2013-04-13 22:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Roaming\Origin 2013-06-08 20:53 - 2013-04-13 23:25 - 00000000 ____D C:\Users\Tristan\AppData\Local\Origin 2013-06-08 16:08 - 2013-06-22 01:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-22 01:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-22 01:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-22 01:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-22 01:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-22 01:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-29 17:32 ==================== End Of Log ============================ --- --- --- Ich hoffe es hilft, Semmel |
07.07.2013, 20:49 | #10 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" Das sind nur Temp-Files Adobe Reader bitte updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.07.2013, 21:22 | #11 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hallo Schrauber, danke für deine Hilfe. Ist das Problem jetzt gelöst? Die "END" Datei ist zumindest nicht mehr vorhanden. Was war das überhaupt für eine Datei? Kann sie Schaden verursacht haben? Mit freundlichen Grüßen, Semmel |
08.07.2013, 07:54 | #12 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" Hi, die gehörte zu Adware, nix dramatisches Die Reihenfolge ist hier entscheidend.
So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.07.2013, 10:52 | #13 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Hi, ich habe jetzt alle Programme so entfernt, wie du es beschrieben hast. Ich denke wir sind jetzt fertig oder? Auf jeden Fall muss ich mich ganz herzlich bei dir bedanken Kaum zu glauben, dass du das alles in deiner Freizeit machst. Wirklich sehr sehr nett. Mit freundlichen Grüßen, Semmel |
08.07.2013, 11:29 | #14 |
/// the machine /// TB-Ausbilder | Merkwürdige Datei auf der Festplatte gefunden "END" Sorry das mit den Codetags war falsch, eigentlich sollte das hier kommen Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.07.2013, 12:50 | #15 |
| Merkwürdige Datei auf der Festplatte gefunden "END" Jap es hat sich alles geklärt. Nochmals ein großes Dankeschön für deine kompetente Hilfe Mit freundlich und dankbaren Grüßen, Semmel |
Themen zu Merkwürdige Datei auf der Festplatte gefunden "END" |
7-zip, adblock, antivir, autorun, avira, battle.net, bho, browser, cpu, error, festplatte, firefox, flash player, format, helper, homepage, iexplore.exe, install.exe, launch, logfile, plug-in, realtek, registry, rundll, scan, security, software, spielen, spyware, teamspeak, trojaner-board, usb, windows |