Pests of all kinds and how to fight them: Need fixlist for Farbar
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here.
| Need fixlist for Farbar
I also have the "police" trojan and have read around here a bit, but could not figure out how to create the fixlist... so I simply ran my scan and here is the code. Many thanks in advance for the fixlist Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02 Ran by SYSTEM on 18-07-2013 17:38:49 Running from G:\ Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Ocs_SM] - C:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-23] (OCS) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Winlogon: [Userinit] D:\Windows\system32\userinit.exe, HKLM-x32\...\Run: [SunJavaUpdateSched] - "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [x] HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [x] HKU\Default\...\RunOnce: [mctadmin] - D:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Markus\...\Run: [Skype] - "D:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [19549320 2011-10-13] (Skype Technologies S.A.) 
HKU\Markus\...\Run: [Steam] - "C:\Programme\Steam\Steam.exe" -silent [x] HKU\Markus\...\Run: [DAEMON Tools Lite] - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKU\Markus\...\Run: [LOLReplay Recorder] - "C:\Spiele\LOLReplay\LOLRecorder.exe" -minimize [x] HKU\Markus\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe [61440 2013-07-18] (NVIDIA Corporation) <===== ATTENTION HKU\Markus\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION HKU\Markus\...\Command Processor: "D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe" <===== ATTENTION! HKU\UpdatusUser\...\RunOnce: [mctadmin] - D:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ================= S2 AdobeARMservice; "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x] S2 Apple Mobile Device; "D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x] S2 avast! 
Antivirus; "D:\Program Files\AVAST Software\Avast\AvastSvc.exe" [x] S2 Bonjour Service; "D:\Program Files\Bonjour\mDNSResponder.exe" [x] S2 clr_optimization_v4.0.30319_32; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x] S2 clr_optimization_v4.0.30319_64; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [x] S3 gusvc; "D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x] S3 iPod Service; "D:\Program Files\iPod\bin\iPodService.exe" [x] S3 McComponentHostService; "D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [x] S4 NetMsmqActivator; "D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x] S4 NetPipeActivator; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x] S4 NetTcpActivator; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x] S4 NetTcpPortSharing; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x] S2 nvsvc; "D:\Windows\system32\nvvsvc.exe" [x] S2 nvUpdatusService; "D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [x] S2 PSI_SVC_2; "d:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [x] S2 SearchAnonymizer; "D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" [x] S3 Steam Client Service; D:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x] S2 Stereo Service; "D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [x] S3 TunngleService; c:\spiele\Tunngle\TnglCtrl.exe [x] S2 wlidsvc; "D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x] ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software) S1 aswSnx; 
C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software) S2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-20] (Duplex Secure Ltd.) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S2 aswMonFlt; \??\D:\Windows\system32\drivers\aswMonFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 17:38 - 2013-07-18 17:38 - 00000000 ____D C:\FRST 2013-07-18 15:52 - 2013-07-18 15:52 - 00393543 _____ C:\Users\Markus\AppData\Roaming\2433f433 2013-07-18 15:52 - 2013-07-18 15:52 - 00393525 _____ C:\ProgramData\2433f433 2013-07-18 15:52 - 2013-07-18 15:52 - 00393480 _____ C:\Users\Markus\AppData\Local\2433f433 2013-07-12 02:06 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 02:06 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-12 02:06 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-12 02:06 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-12 02:06 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-12 02:06 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-12 02:06 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-12 02:06 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 
2013-07-12 02:06 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 02:06 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-12 02:06 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-12 02:06 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 20:13 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-11 20:13 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 20:13 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-11 20:13 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 20:12 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-11 20:12 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 20:12 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-07 21:35 - 2013-07-07 21:35 - 00042311 _____ C:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 21:35 - 2013-07-07 21:35 - 00000000 ____D C:\Users\Markus\Desktop\1.8 2013-07-03 08:04 - 2013-07-03 08:04 - 64922258 _____ C:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 15:32 - 2013-07-01 15:32 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-07-01 15:30 - 2013-06-21 13:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 17560352 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcompiler.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-07-01 15:30 - 2013-06-21 13:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432049.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432049.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-07-01 15:30 - 2013-06-21 13:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-07-01 15:29 - 2013-07-01 15:29 - 00000000 ____D C:\NVIDIA 2013-07-01 15:28 - 2013-07-01 15:28 - 00000000 ____D C:\Users\Markus\AppData\Local\NVIDIA 2013-06-30 11:33 - 2013-06-30 11:33 - 84167392 _____ C:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 11:32 - 2013-06-30 11:32 - 00000000 ____D C:\Windows\System32\Tasks\Games 
2013-06-29 10:59 - 2013-06-29 11:00 - 14925176 _____ (Last.fm ) C:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 20:01 - 2013-06-24 20:01 - 01720508 _____ C:\Users\Markus\troll.wav 2013-06-21 04:16 - 2013-06-21 04:16 - 00566048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-06-19 19:34 - 2013-06-19 19:34 - 55854060 _____ C:\Users\Markus\Downloads\Werkstofftechnik Dani.rar ==================== One Month Modified Files and Folders ======= 2013-07-18 17:38 - 2013-07-18 17:38 - 00000000 ____D C:\FRST 2013-07-18 16:29 - 2011-10-16 19:04 - 01215614 _____ C:\Windows\WindowsUpdate.log 2013-07-18 16:29 - 2009-07-14 05:45 - 00022032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-18 16:29 - 2009-07-14 05:45 - 00022032 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-18 16:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-18 16:25 - 2011-11-03 00:24 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-18 16:25 - 2009-07-14 05:51 - 00399232 _____ C:\Windows\setupact.log 2013-07-18 16:01 - 2009-07-14 05:45 - 00024576 _____ C:\Windows\System32\umstartup.etl 2013-07-18 15:52 - 2013-07-18 15:52 - 00393543 _____ C:\Users\Markus\AppData\Roaming\2433f433 2013-07-18 15:52 - 2013-07-18 15:52 - 00393525 _____ C:\ProgramData\2433f433 2013-07-18 15:52 - 2013-07-18 15:52 - 00393480 _____ C:\Users\Markus\AppData\Local\2433f433 2013-07-18 15:48 - 2011-10-16 20:17 - 00000000 ____D C:\Users\Markus\AppData\Roaming\Skype 2013-07-18 15:16 - 2011-10-16 20:26 - 00000000 ____D C:\Users\Markus\AppData\Local\PMB Files 2013-07-18 15:16 - 2011-10-16 20:26 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-18 10:40 - 2011-10-16 19:38 - 00000000 ____D C:\Users\Markus\AppData\Roaming\Dropbox 2013-07-17 21:05 - 2011-10-18 14:45 - 00000000 ____D C:\Users\Markus\AppData\Roaming\TS3Client 2013-07-16 01:04 - 2012-11-09 12:29 - 00000000 ____D 
C:\Users\Markus\AppData\Local\CrashDumps 2013-07-14 23:00 - 2012-01-09 14:36 - 00000000 ____D C:\Users\Markus\AppData\Local\PokerStars.EU 2013-07-14 22:54 - 2012-01-28 11:59 - 00732160 ___SH C:\Users\Markus\Thumbs.db 2013-07-14 22:53 - 2011-10-16 19:33 - 00000000 ____D C:\users\Markus 2013-07-12 10:05 - 2009-07-14 05:45 - 00294952 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-12 10:04 - 2013-03-13 18:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 10:04 - 2013-03-13 18:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 02:10 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 02:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 02:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-09 16:06 - 2011-10-16 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-09 15:52 - 2012-09-26 14:33 - 00000000 ____D C:\Users\Markus\Documents\Guild Wars 2 2013-07-07 21:36 - 2011-10-16 20:16 - 00000000 ____D C:\Users\Markus\AppData\Roaming\TeraCopy 2013-07-07 21:35 - 2013-07-07 21:35 - 00042311 _____ C:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 21:35 - 2013-07-07 21:35 - 00000000 ____D C:\Users\Markus\Desktop\1.8 2013-07-03 08:04 - 2013-07-03 08:04 - 64922258 _____ C:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 15:32 - 2013-07-01 15:32 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-07-01 15:32 - 2011-11-03 00:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-07-01 15:29 - 2013-07-01 15:29 - 00000000 ____D C:\NVIDIA 2013-07-01 15:28 - 2013-07-01 15:28 - 00000000 ____D C:\Users\Markus\AppData\Local\NVIDIA 2013-07-01 15:24 - 2011-11-03 00:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-06-30 11:53 - 2012-01-17 13:11 - 00000000 ____D C:\Users\Markus\Documents\BattleForge 2013-06-30 11:33 - 2013-06-30 11:33 - 84167392 _____ 
C:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 11:32 - 2013-06-30 11:32 - 00000000 ____D C:\Windows\System32\Tasks\Games 2013-06-29 11:00 - 2013-06-29 10:59 - 14925176 _____ (Last.fm ) C:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 20:01 - 2013-06-24 20:01 - 01720508 _____ C:\Users\Markus\troll.wav 2013-06-22 23:20 - 2013-01-17 17:18 - 00000000 ____D C:\Users\Markus\Documents\Euro Truck Simulator 2 2013-06-21 13:06 - 2013-07-01 15:30 - 27781920 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 11235104 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-06-21 13:06 - 2013-07-01 15:30 - 09239344 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 07641832 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 02953504 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 02363680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 01832224 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432049.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 01511712 _____ (NVIDIA 
Corporation) C:\Windows\System32\nvdispgenco6432049.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 00572704 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 00570656 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-06-21 13:06 - 2013-07-01 15:30 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-06-21 13:06 - 2013-02-25 23:32 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-06-21 13:06 - 2012-02-21 18:45 - 15144928 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-06-21 13:06 - 2012-02-21 18:45 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-06-21 13:06 - 2011-05-21 06:01 - 02936208 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-06-21 13:06 - 2011-05-21 06:01 - 00021578 _____ C:\Windows\System32\nvinfo.pb 2013-06-21 13:06 - 2009-07-13 22:59 - 15920536 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-06-21 13:06 - 2009-06-10 21:37 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-06-21 11:23 - 2011-11-03 00:24 - 06496544 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-06-21 11:23 - 2011-11-03 00:24 - 03514656 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-06-21 11:23 - 2011-11-03 00:24 - 02555680 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-06-21 11:23 - 2011-11-03 00:24 - 00884512 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-06-21 11:23 - 2011-11-03 00:24 - 00237856 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-06-21 11:23 - 2011-11-03 00:24 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-06-21 04:16 - 2013-06-21 04:16 - 00566048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-06-20 19:08 - 2011-04-12 08:43 - 01711148 _____ 
C:\Windows\System32\perfh007.dat 2013-06-20 19:08 - 2011-04-12 08:43 - 00464978 _____ C:\Windows\System32\perfc007.dat 2013-06-20 19:08 - 2009-07-14 06:13 - 00006458 _____ C:\Windows\System32\PerfStringBackup.INI 2013-06-19 19:34 - 2013-06-19 19:34 - 55854060 _____ C:\Users\Markus\Downloads\Werkstofftechnik Dani.rar Files to move or delete: ==================== C:\ProgramData\nud0repor.pad ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4094.49 MB Available physical RAM: 3451.34 MB Total Pagefile: 4092.69 MB Available Pagefile: 3435.79 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.83 GB) (Free:2.23 GB) NTFS (Disk=0 Partition=2) Drive e: () (Fixed) (Total:547.24 GB) (Free:142.02 GB) NTFS (Disk=0 Partition=3) Drive g: (INTENSO) (Removable) (Total:3.77 GB) (Free:1.05 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) 
(Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: FF252D57) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=547 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=4 GB) - (Type=0C) LastRegBack: 2013-07-03 08:40 ==================== End Of Log ============================ |
Need fixlist for Farbar
Hi,
On a second computer, please press the
2013-07-18 15:52 - 2013-07-18 15:52 - 00393543 _____ C:\Users\Markus\AppData\Roaming\2433f433
2013-07-18 15:52 - 2013-07-18 15:52 - 00393525 _____ C:\ProgramData\2433f433
2013-07-18 15:52 - 2013-07-18 15:52 - 00393480 _____ C:\Users\Markus\AppData\Local\2433f433
C:\ProgramData\nud0repor.pad
HKU\Markus\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe [61440 2013-07-18] (NVIDIA Corporation) <===== ATTENTION
HKU\Markus\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\Markus\...\Command Processor: "D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe" <===== ATTENTION!
D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe
D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.dll
__________________ |
| Need fixlist for Farbar
I have not yet tested whether the box runs again.
__________________
Fixed for now, here is the log.. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by SYSTEM at 2013-07-18 18:19:04 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
"C:\Users\Markus\AppData\Roaming\2433f433" => File/Directory not found.
"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Markus\AppData\Local\2433f433" => File/Directory not found.
C:\ProgramData\nud0repor.pad => Moved successfully.
HKU\Markus\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Markus\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Markus\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.exe" => File/Directory not found.
"D:\Users\Markus\AppData\Local\Temp\ymtvsujdigsknitju.dll" => File/Directory not found.
==== End of Fixlog ====

"C:\ProgramData\2433f433" => File/Directory not found.
"C:\Users\Markus\AppData\Local\2433f433" => File/Directory not found.
I had already tried to delete these myself, I think that is "cleaned up" |
Need fixlist for Farbar
Quote:
__________________ cheers, Leo |
| Need fixlist for Farbar
I was able to boot normally again and created the logs... addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02 Ran by Markus at 2013-07-18 18:30:56 Running from D:\Users\Markus\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Activision(R) (x32 Version: 1.00.0000) Adobe AIR (x32 Version: Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.110) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Age of Empires Online (x32) Altitude (x32) Apple Application Support (x32 Version: 2.2.2) Apple Mobile Device Support (Version: Apple Software Update (x32 Version: avast! Free Antivirus (x32 Version: 6.0.1289.0) BattleForge™ (x32 Version: be Flash Player 11 Plugin 64-bit (Version: Blur (x32) Bonjour (Version: Borderlands (x32) BrettspielWelt (x32 Version: 1.0) CameraHelperMsi (x32 Version: 13.51.815.0) CCleaner (Version: 3.11) CDBurnerXP (Version: Chivalry: Medieval Warfare (x32) Cities XL 2012 (x32) Corel PaintShop Pro X5 (x32 Version: Counter-Strike (x32) Counter-Strike: Source (x32) CPUID CPU-Z 1.64.0 D3DX10 (x32 Version: 15.4.2368.0902) Defraggler (Version: 2.07) Desktop Icon für Amazon (Version: 1.0.1 (de)) devolo dLAN Cockpit (x32 Version: Diablo III (x32 Version: Die Sims™ 3 (x32 Version: 1.18.9) DivX-Setup (x32 Version: dLAN Cockpit (x32 Version: 3.2.28) Dota 2 (x32) Dropbox (HKCU Version: 1.6.11) Dungeon Defenders (x32) Dwarfs F2P (x32) ElsterFormular (x32 Version: 14.1.11318) erLT (x32 Version: Euro Truck Simulator 2 (x32 Version: 1.1.1) FileZilla Client (x32 Version: FireJump (x32 Version: Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1) Free YouTube Download version (x32) FUSSBALL MANAGER 11 (x32 Version: Guild Wars 2 (x32) Heroes of Newerth (x32 Version: 2.3.0) HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (Version: HP Officejet 6500 E710n-z Hilfe (x32 Version: ICA (x32 Version: Ice Age(TM) 4 - Voll Verschoben! 
Die arktischen Spiele demo (x32 Version: 1.00.0000) ICQ7.6 (x32 Version: 7.6) IPM_PSP_COM (x32 Version: Iron Grip: Marauders (x32) iTunes (Version: Java Auto Updater (x32 Version: Java(TM) 6 Update 22 (x32 Version: 6.0.220) Java(TM) 6 Update 31 (64-bit) (Version: 6.0.310) Java(TM) 6 Update 31 (x32 Version: 6.0.310) Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30) Java(TM) SE Development Kit 7 Update 3 (64-bit) (Version: JavaFX 2.0.3 (64-bit) (Version: 2.0.3) JavaFX 2.0.3 SDK (64-bit) (Version: 2.0.3) JDownloader 0.9 (x32 Version: 0.9) League of Legends (x32 Version: 1.02.0000) Logitech Touch Mouse Server 1.0 (x32 Version: 1.0) Logitech Webcam-Software (x32 Version: 2.51) LOLReplay (x32 Version: LWS Facebook (x32 Version: 13.50.854.0) LWS Gallery (x32 Version: 13.51.827.0) LWS Help_main (x32 Version: 13.51.828.0) LWS Launcher (x32 Version: 13.51.828.0) LWS Motion Detection (x32 Version: 13.51.815.0) LWS Pictures And Video (x32 Version: 13.51.815.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Webcam Software (x32 Version: 13.51.815.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.31.1038.0) Magicka (x32) McAfee Security Scan Plus (x32 Version: Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: Microsoft Games for Windows Marketplace (x32 Version: Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 
1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Might & Magic Heroes VI (x32 
Version: 1.1.1) Mozilla Firefox 14.0.1 (x86 de) (x32 Version: 14.0.1) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) MSVCRT (x32 Version: 15.4.2862.0708) NetBeans IDE 7.1.1 (x32 Version: 7.1.1) Notepad++ (x32 Version: NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA Install Application (Version: 2.1002.125.816) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 6.4.23 (Version: 6.4.23) NVIDIA Update Components (Version: 6.4.23) OpenAL (x32) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Orcs Must Die! 2 (x32) Pando Media Booster (x32 Version: Picasa 3 (x32 Version: 3.9) Plex (HKCU Version: 0.9.500) Plex Media Server (x32 Version: 0.9.500) PokerStars (x32) Preispilot für Firefox (x32 Version: 2.0) PSPPContent (x32 Version: PSPPHelp (x32 Version: PSPPro64 (Version: Rock of Ages (x32) SearchAnonymizer (Version: 1.0.1 (de)) Setup (x32 Version: ShiftWindow 1.02 (x32) Sid Meier's Civilization V (x32) Sid Meier's Civilization V SDK (x32) Skype™ 5.5 (x32 Version: 5.5.124) SpeedFan (remove only) (x32) StarCraft II (x32 Version: Steam (x32 Version: Stronghold (x32) Stronghold Kingdoms (x32) SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (x32 Version: v2011.build.49) Super Collapse! 
3 Endless (x32 Version: SweetIM for Messenger 3.6 (x32 Version: 3.6.0002) SweetIM Toolbar for Internet Explorer 4.2 (x32 Version: 4.2.0004) Team Fortress 2 (x32) TeamSpeak 3 Client TeraCopy 2.2 Terraria (x32) The Lord of the Rings Online™ (x32) The Lord of the Rings Online™ v03.07.01.8015 (x32 Version: The Sims 3 Ultimate Bundle (x32 Version: 1.0) Titan Quest (x32) Titan Quest: Immortal Throne (x32) TmNationsForever (x32) TreeSize Free V2.6 (x32 Version: 2.6) Trine (x32) Trine 2 (x32) Tunngle beta (x32) Two Worlds II Castle Defense (x32 Version: 1.0.0) Ubisoft Game Launcher (x32 Version: Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Uplink (x32 Version: 1.00.0000) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Virtual Audio Cable 4.9 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0) VLC media player 1.1.11 (x32 Version: 1.1.11) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery 
(x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) WinRAR 4.01 (64-Bit) (Version: 4.01.0) World of Tanks (x32) XCOM: Enemy Unknown (x32) XSplit (x32 Version: 1.1.1210.3101) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A D:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {54AC95CA-E6F4-4378-84BF-3FCD5AF0F761} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => D:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {681BB8E1-1BB3-42CF-8712-272CDF575FED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {69DE5E44-1B17-4B39-BE42-1FB6FE3C5AB8} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {7199F7CB-25D7-4044-A430-030D867E133B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-811119491-1448668925-1055750548-1000 Task: {738FC458-4F77-4767-B37B-3ED632D141DD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => D:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {ABC63AAD-6C85-49BF-A9F9-CAC4386FB983} - System32\Tasks\{C28C6F4A-617D-4330-BA85-B2056E2DF5A5} => D:\Programme\Steam\Steam.exe No File ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2013 06:29:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 05:54:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 05:27:27 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 04:58:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 11:41:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 01:25:56 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (07/17/2013 09:31:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 11:26:51 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 02:04:17 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: LolClient.exe, Version:, Zeitstempel: 0x515663e0 Name des fehlerhaften Moduls: Air.dll, Version:, Zeitstempel: 0x511c7eb4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0000f66b ID des fehlerhaften Prozesses: 0xb10 Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0 Pfad der fehlerhaften Anwendung: LolClient.exe1 Pfad des fehlerhaften Moduls: LolClient.exe2 Berichtskennung: LolClient.exe3 Error: (07/16/2013 02:01:15 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: LolClient.exe, Version:, Zeitstempel: 0x515663e0 Name des fehlerhaften Moduls: Air.dll, Version:, Zeitstempel: 0x511c7eb4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002e72 ID des fehlerhaften Prozesses: 0xc5c Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0 Pfad der fehlerhaften Anwendung: LolClient.exe1 Pfad des fehlerhaften Moduls: LolClient.exe2 Berichtskennung: LolClient.exe3 System errors: ============= Error: (07/18/2013 06:29:26 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/18/2013 06:28:24 PM) (Source: NetBT) (User: ) Description: Der Name "MARKUS-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse registriert werden. 
Der Computer mit IP-Adresse hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/18/2013 05:54:06 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/18/2013 05:53:55 PM) (Source: DCOM) (User: ) Description: {AD1B0A76-DBB2-45C2-8403-45B8DD7FD503} Error: (07/18/2013 05:53:18 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (07/18/2013 05:51:27 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf Error: (07/18/2013 05:51:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/18/2013 05:51:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/18/2013 05:51:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/18/2013 05:51:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Microsoft Office Sessions: ========================= Error: (07/18/2013 06:29:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * 
FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 05:54:15 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 05:27:27 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 04:58:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/18/2013 11:41:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 01:25:56 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/17/2013 09:31:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 11:26:51 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2013 02:04:17 AM) (Source: Application Error)(User: ) Description: LolClient.exe0.0.0.0515663e0Air.dll0.0.0.0511c7eb4c00004170000f66bb1001ce81b7c5b84ae7C:\Spiele\Riot Games\League of 
Legends\RADS\projects\lol_air_client\releases\\deploy\LolClient.exeC:\Spiele\LOLReplay\Air.dll418ce89d-edab-11e2-8e7a-00241dd7eb11 Error: (07/16/2013 02:01:15 AM) (Source: Application Error)(User: ) Description: LolClient.exe0.0.0.0515663e0Air.dll0.0.0.0511c7eb4c000000500002e72c5c01ce81b0f0e9ec79C:\Spiele\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\\deploy\LolClient.exeC:\Spiele\LOLReplay\Air.dlld4c78915-edaa-11e2-8e7a-00241dd7eb11 CodeIntegrity Errors: =================================== Date: 2013-07-18 18:27:49.689 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 18:27:49.611 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 17:52:33.377 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-07-18 17:52:33.299 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 17:25:44.346 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 17:25:44.268 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 16:56:45.864 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-07-18 16:56:45.786 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 11:39:29.408 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 11:39:29.330 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 4094.49 MB
Available physical RAM: 2550.75 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 6512.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:547.24 GB) (Free:142.02 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:48.83 GB) (Free:2.18 GB) NTFS (Disk=0 Partition=2)
Drive i: (INTENSO) (Removable) (Total:3.77 GB) (Free:1.05 GB) FAT32 (Disk=1 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: FF252D57)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=547 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
==================== End Of Log ============================
frst
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Markus (administrator) on 18-07-2013 18:30:03
Running from D:\Users\Markus\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Protexis Inc.) d:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(DT Soft Ltd) C:\Programme\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) D:\Program Files\Windows Sidebar\sidebar.exe
(LOL Replay) C:\Spiele\LOLReplay\LOLRecorder.exe
(Sun Microsystems, Inc.) D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.)
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Ocs_SM] - D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-23] (OCS) HKLM\...\Run: [Nvtmru] - D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation) HKCU\...\Run: [Skype] - D:\Program Files (x86)\Skype\Phone\Skype.exe [19549320 2011-10-13] (Skype Technologies S.A.) HKCU\...\Run: [Steam] - "C:\Programme\Steam\Steam.exe" -silent [x] HKCU\...\Run: [DAEMON Tools Lite] - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKCU\...\Run: [Sidebar] - D:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [LOLReplay Recorder] - "C:\Spiele\LOLReplay\LOLRecorder.exe" -minimize [x] MountPoints2: {d7dd969e-f820-11e0-a66f-806e6f6e6963} - E:\BlueBirds.exe HKLM-x32\...\Run: [SunJavaUpdateSched] - "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [x] HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [x] Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ShortcutTarget: LOLRecorder.lnk -> C:\Spiele\LOLReplay\LOLRecorder.exe (LOL Replay) Startup: D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> D:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 SearchScopes: HKCU - {2280D6B8-8478-4E85-A40E-25CCECB5EEB4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {2D9CA1D1-C0C7-438D-ABC0-906110231777} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {310E9A85-91CF-4F92-A89F-CDEC767574B6} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {4C9FF16D-F3D0-4DF4-BA42-989CC7FE6CA3} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {A415114A-4415-48ED-B79E-C0103E75D08D} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {B1FAAED9-BC1C-4955-91B8-14F2F1BC402D} 
URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {E7BC88B6-140B-4D31-A041-EEBC3019C9EE} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4F524A266F3D267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D2661706E5F647469643D4F534A3030302661706E5F7569643D34393632413444442D423537432D343038422D383431442D3834314534413045303741452661706E5F73617569643D37333041453037392D353431302D343037312D393141392D383439363130313432314244&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll No File BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - D:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default FF user.js: detected! => D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\user.js FF SelectedSearchEngine: Firefox Add-ons FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.3.1 - D:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.3.1 - D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - D:\Users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{13E8D9A1-6723-424B-9367-0C0CC27D1421}.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{371F0F7A-23FB-418C-9FA5-EF11AFED3BCE}.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{610A8330-B92D-407E-AFC0-EDF69609214E}.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org FF Extension: Preispilot - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\extension@preispilot.com FF Extension: FireJump - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\firejump@firejump.net FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF Extension: SweetIM Toolbar for Firefox - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF Extension: 
newtabgoogle - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\newtabgoogle@graememcc.co.uk.xpi FF Extension: searchy - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\searchy@searchy.xpi FF Extension: tineye - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\tineye@ideeinc.com.xpi FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi FF Extension: Default - D:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! WebRep - D:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] D:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - D:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] D:\Users\Markus\AppData\Roaming\14001.008 FF Extension: Java Link Helper - D:\Users\Markus\AppData\Roaming\14001.008 FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\firejump@firejump.net FF Extension: FireJump - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\firejump@firejump.net FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\extension@preispilot.com FF Extension: Preispilot - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\extension@preispilot.com ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-09-06] (AVAST Software) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) S3 McComponentHostService; D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) R2 SearchAnonymizer; D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-11-23] () S3 TunngleService; c:\spiele\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software) R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software) R1 aswRdr; D:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software) R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software) R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software) R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software) R2 NPF_devolo; D:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies) R1 Serial; D:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R0 sptd; D:\Windows\System32\Drivers\sptd.sys [834544 2011-10-20] () R3 tap0901t; D:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) U3 a8i9jwwt; D:\Windows\System32\Drivers\a8i9jwwt.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 18:38 - 2013-07-18 18:38 - 00000000 ____D D:\FRST 2013-07-18 17:35 - 2013-07-18 17:24 - 01778209 _____ (Farbar) D:\Users\Markus\Desktop\FRST64.exe 2013-07-12 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesysprep.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll 2013-07-12 03:06 - 2013-06-12 01:26 - 02241024 _____ 
(Microsoft Corporation) D:\Windows\system32\wininet.dll 2013-07-12 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) D:\Windows\system32\jscript.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) D:\Windows\system32\iesysprep.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll 2013-07-12 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) D:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 03:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb 2013-07-12 03:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb 2013-07-11 21:13 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) D:\Windows\system32\qedit.dll 2013-07-11 21:13 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) 
D:\Windows\SysWOW64\qedit.dll 2013-07-11 21:13 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) D:\Windows\system32\WMVDECOD.DLL 2013-07-11 21:13 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) D:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 21:12 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys 2013-07-11 21:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) D:\Windows\SysWOW64\DWrite.dll 2013-07-11 21:12 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) D:\Windows\system32\DWrite.dll 2013-07-07 22:35 - 2013-07-07 22:35 - 00042311 _____ D:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D D:\Users\Markus\Desktop\1.8 2013-07-03 09:04 - 2013-07-03 09:04 - 64922258 _____ D:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 16:32 - 2013-07-01 16:32 - 00000000 ____D D:\Program Files (x86)\AGEIA Technologies 2013-07-01 16:30 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) D:\Windows\system32\nvoglv64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) D:\Windows\system32\nvcompiler.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvoglv32.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcompiler.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) D:\Windows\system32\Drivers\nvlddmkm.sys 2013-07-01 16:30 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuda.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuda.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) D:\Windows\system32\nvopencl.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvopencl.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) 
D:\Windows\system32\nvcuvid.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvid.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvenc.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvenc.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispco6432049.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispgenco6432049.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) D:\Windows\system32\NvFBC64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) D:\Windows\system32\NvIFR64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvIFR.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvFBC.dll 2013-07-01 16:29 - 2013-07-01 16:29 - 00000000 ____D D:\NVIDIA 2013-07-01 16:28 - 2013-07-01 16:28 - 00000000 ____D D:\Users\Markus\AppData\Local\NVIDIA 2013-06-30 12:33 - 2013-06-30 12:33 - 84167392 _____ D:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 12:32 - 2013-06-30 12:32 - 00000000 ____D D:\Windows\System32\Tasks\Games 2013-06-29 11:59 - 2013-06-29 12:00 - 14925176 _____ (Last.fm ) D:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 21:01 - 2013-06-24 21:01 - 01720508 _____ D:\Users\Markus\troll.wav 2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvStreaming.exe 2013-06-19 20:34 - 2013-06-19 20:34 - 55854060 _____ D:\Users\Markus\Downloads\Werkstofftechnik Dani.rar ==================== One Month Modified Files and Folders ======= 2013-07-18 18:38 - 2013-07-18 18:38 - 00000000 ____D D:\FRST 2013-07-18 18:30 - 2011-10-16 21:17 - 00000000 ____D D:\Users\Markus\AppData\Roaming\Skype 2013-07-18 18:29 - 2011-10-16 21:16 
- 00000000 ____D D:\Users\Markus\AppData\Roaming\TeraCopy 2013-07-18 18:29 - 2011-10-16 20:38 - 00000000 ____D D:\Users\Markus\AppData\Roaming\Dropbox 2013-07-18 18:28 - 2009-07-14 07:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT 2013-07-18 18:27 - 2011-11-03 01:24 - 00000000 ____D D:\ProgramData\NVIDIA 2013-07-18 18:27 - 2009-07-14 06:51 - 00399344 _____ D:\Windows\setupact.log 2013-07-18 17:29 - 2011-10-16 20:04 - 01215614 _____ D:\Windows\WindowsUpdate.log 2013-07-18 17:29 - 2009-07-14 06:45 - 00022032 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-18 17:29 - 2009-07-14 06:45 - 00022032 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-18 17:24 - 2013-07-18 17:35 - 01778209 _____ (Farbar) D:\Users\Markus\Desktop\FRST64.exe 2013-07-18 17:01 - 2009-07-14 06:45 - 00024576 _____ D:\Windows\system32\umstartup.etl 2013-07-18 16:16 - 2011-10-16 21:26 - 00000000 ____D D:\Users\Markus\AppData\Local\PMB Files 2013-07-18 16:16 - 2011-10-16 21:26 - 00000000 ____D D:\ProgramData\PMB Files 2013-07-17 22:05 - 2011-10-18 15:45 - 00000000 ____D D:\Users\Markus\AppData\Roaming\TS3Client 2013-07-16 02:04 - 2012-11-09 13:29 - 00000000 ____D D:\Users\Markus\AppData\Local\CrashDumps 2013-07-15 00:00 - 2012-01-09 15:36 - 00000000 ____D D:\Users\Markus\AppData\Local\PokerStars.EU 2013-07-14 23:54 - 2012-01-28 12:59 - 00732160 ___SH D:\Users\Markus\Thumbs.db 2013-07-14 23:53 - 2011-10-16 20:33 - 00000000 ____D D:\Users\Markus 2013-07-12 11:05 - 2009-07-14 06:45 - 00294952 _____ D:\Windows\system32\FNTCACHE.DAT 2013-07-12 11:04 - 2013-03-13 19:06 - 00000000 ____D D:\Program Files\Microsoft Silverlight 2013-07-12 11:04 - 2013-03-13 19:06 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight 2013-07-12 03:10 - 2011-04-12 09:55 - 00000000 ____D D:\Program Files\Windows Journal 2013-07-12 03:10 - 2009-07-14 07:32 - 00000000 ____D D:\Program Files\Windows 
Defender 2013-07-12 03:10 - 2009-07-14 07:32 - 00000000 ____D D:\Program Files (x86)\Windows Defender 2013-07-09 17:06 - 2011-10-16 20:38 - 00000000 ____D D:\Program Files (x86)\Mozilla Thunderbird 2013-07-09 16:52 - 2012-09-26 15:33 - 00000000 ____D D:\Users\Markus\Documents\Guild Wars 2 2013-07-07 22:35 - 2013-07-07 22:35 - 00042311 _____ D:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D D:\Users\Markus\Desktop\1.8 2013-07-03 09:04 - 2013-07-03 09:04 - 64922258 _____ D:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 16:32 - 2013-07-01 16:32 - 00000000 ____D D:\Program Files (x86)\AGEIA Technologies 2013-07-01 16:32 - 2011-11-03 01:24 - 00000000 ____D D:\Program Files (x86)\NVIDIA Corporation 2013-07-01 16:29 - 2013-07-01 16:29 - 00000000 ____D D:\NVIDIA 2013-07-01 16:28 - 2013-07-01 16:28 - 00000000 ____D D:\Users\Markus\AppData\Local\NVIDIA 2013-07-01 16:24 - 2011-11-03 01:23 - 00000000 ____D D:\ProgramData\NVIDIA Corporation 2013-06-30 12:53 - 2012-01-17 14:11 - 00000000 ____D D:\Users\Markus\Documents\BattleForge 2013-06-30 12:33 - 2013-06-30 12:33 - 84167392 _____ D:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 12:32 - 2013-06-30 12:32 - 00000000 ____D D:\Windows\System32\Tasks\Games 2013-06-29 12:00 - 2013-06-29 11:59 - 14925176 _____ (Last.fm ) D:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 21:01 - 2013-06-24 21:01 - 01720508 _____ D:\Users\Markus\troll.wav 2013-06-23 00:20 - 2013-01-17 18:18 - 00000000 ____D D:\Users\Markus\Documents\Euro Truck Simulator 2 2013-06-21 14:06 - 2013-07-01 16:30 - 27781920 _____ (NVIDIA Corporation) D:\Windows\system32\nvoglv64.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 25256224 _____ (NVIDIA Corporation) D:\Windows\system32\nvcompiler.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 21102368 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvoglv32.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 17560352 _____ (NVIDIA Corporation) 
D:\Windows\SysWOW64\nvcompiler.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 11235104 _____ (NVIDIA Corporation) D:\Windows\system32\Drivers\nvlddmkm.sys 2013-06-21 14:06 - 2013-07-01 16:30 - 09239344 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuda.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 07687592 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuda.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 07641832 _____ (NVIDIA Corporation) D:\Windows\system32\nvopencl.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 06324360 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvopencl.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02953504 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvid.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02777888 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvid.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02363680 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvenc.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02002720 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvenc.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 01832224 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispco6432049.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 01511712 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispgenco6432049.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00572704 _____ (NVIDIA Corporation) D:\Windows\system32\NvFBC64.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00570656 _____ (NVIDIA Corporation) D:\Windows\system32\NvIFR64.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00467232 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvIFR.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00465184 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvFBC.dll 2013-06-21 14:06 - 2013-02-26 00:32 - 13411896 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvwgf2um.dll 2013-06-21 14:06 - 2012-02-21 19:45 - 15144928 _____ (NVIDIA Corporation) D:\Windows\system32\nvd3dumx.dll 2013-06-21 14:06 - 2012-02-21 19:45 - 02597856 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvapi.dll 2013-06-21 14:06 - 2011-05-21 
07:01 - 02936208 _____ (NVIDIA Corporation) D:\Windows\system32\nvapi64.dll 2013-06-21 14:06 - 2011-05-21 07:01 - 00021578 _____ D:\Windows\system32\nvinfo.pb 2013-06-21 14:06 - 2009-07-13 23:59 - 15920536 _____ (NVIDIA Corporation) D:\Windows\system32\nvwgf2umx.dll 2013-06-21 14:06 - 2009-06-10 22:37 - 12427240 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvd3dum.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 06496544 _____ (NVIDIA Corporation) D:\Windows\system32\nvcpl.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 03514656 _____ (NVIDIA Corporation) D:\Windows\system32\nvsvc64.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 02555680 _____ (NVIDIA Corporation) D:\Windows\system32\nvsvcr.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 00884512 _____ (NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe 2013-06-21 12:23 - 2011-11-03 01:24 - 00237856 _____ (NVIDIA Corporation) D:\Windows\system32\nvmctray.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 00063776 _____ (NVIDIA Corporation) D:\Windows\system32\nvshext.dll 2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvStreaming.exe 2013-06-20 20:08 - 2011-04-12 09:43 - 01711148 _____ D:\Windows\system32\perfh007.dat 2013-06-20 20:08 - 2011-04-12 09:43 - 00464978 _____ D:\Windows\system32\perfc007.dat 2013-06-20 20:08 - 2009-07-14 07:13 - 00006458 _____ D:\Windows\system32\PerfStringBackup.INI 2013-06-19 20:34 - 2013-06-19 20:34 - 55854060 _____ D:\Users\Markus\Downloads\Werkstofftechnik Dani.rar ==================== Bamital & volsnap Check ================= D:\Windows\System32\winlogon.exe => MD5 is legit D:\Windows\System32\wininit.exe => MD5 is legit D:\Windows\SysWOW64\wininit.exe => MD5 is legit D:\Windows\explorer.exe => MD5 is legit D:\Windows\SysWOW64\explorer.exe => MD5 is legit D:\Windows\System32\svchost.exe => MD5 is legit D:\Windows\SysWOW64\svchost.exe => MD5 is legit D:\Windows\System32\services.exe => MD5 is legit D:\Windows\System32\User32.dll => MD5 is legit 
D:\Windows\SysWOW64\User32.dll => MD5 is legit D:\Windows\System32\userinit.exe => MD5 is legit D:\Windows\SysWOW64\userinit.exe => MD5 is legit D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 09:40 ==================== End Of Log ============================ & thanks for your effort!!!! |
Please go to VirusTotal and have a file checked there as follows:
| It only gives me back the message that the file was not found. |
Run FRST once more.
__________________ cheers, Leo |
| Sorry, it took longer because I couldn't log in... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02 Ran by Markus (administrator) on 18-07-2013 19:02:10 Running from D:\Users\Markus\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe (AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Protexis Inc.) d:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) D:\Program Files\Windows Sidebar\sidebar.exe (LOL Replay) C:\Spiele\LOLReplay\LOLRecorder.exe (Sun Microsystems, Inc.) D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Apple Inc.) 
D:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sun Microsystems, Inc.) D:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (TeamSpeak Systems GmbH) C:\Programme\TeamSpeak 3 Client\ts3client_win64.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Ocs_SM] - D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-11-23] (OCS) HKLM\...\Run: [Nvtmru] - D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation) HKCU\...\Run: [Skype] - D:\Program Files (x86)\Skype\Phone\Skype.exe [19549320 2011-10-13] (Skype Technologies S.A.) HKCU\...\Run: [Steam] - "C:\Programme\Steam\Steam.exe" -silent [x] HKCU\...\Run: [DAEMON Tools Lite] - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKCU\...\Run: [Sidebar] - D:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [LOLReplay Recorder] - "C:\Spiele\LOLReplay\LOLRecorder.exe" -minimize [x] MountPoints2: {d7dd969e-f820-11e0-a66f-806e6f6e6963} - E:\BlueBirds.exe HKLM-x32\...\Run: [SunJavaUpdateSched] - "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [x] HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [x] Startup: D:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> D:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 SearchScopes: HKCU - {2280D6B8-8478-4E85-A40E-25CCECB5EEB4} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {2D9CA1D1-C0C7-438D-ABC0-906110231777} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {310E9A85-91CF-4F92-A89F-CDEC767574B6} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {4C9FF16D-F3D0-4DF4-BA42-989CC7FE6CA3} URL = 
hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {A415114A-4415-48ED-B79E-C0103E75D08D} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {B1FAAED9-BC1C-4955-91B8-14F2F1BC402D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&mode=bounce&k=0 SearchScopes: HKCU - {E7BC88B6-140B-4D31-A041-EEBC3019C9EE} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4F524A266F3D267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D2661706E5F647469643D4F534A3030302661706E5F7569643D34393632413444442D423537432D343038422D383431442D3834314534413045303741452661706E5F73617569643D37333041453037392D353431302D343037312D393141392D383439363130313432314244&st={searchTerms}&clid=a96be309-00a3-447c-bb38-de9c70d50b31&pid=netzwelt&k=0 BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll No File BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - D:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default FF user.js: detected! => D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\user.js FF SelectedSearchEngine: Firefox Add-ons FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.3.1 - D:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.3.1 - D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - D:\Users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{13E8D9A1-6723-424B-9367-0C0CC27D1421}.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{371F0F7A-23FB-418C-9FA5-EF11AFED3BCE}.xml FF SearchPlugin: D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\searchplugins\{610A8330-B92D-407E-AFC0-EDF69609214E}.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org FF Extension: Preispilot - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\extension@preispilot.com FF Extension: FireJump - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\firejump@firejump.net FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF Extension: SweetIM Toolbar for Firefox - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF Extension: 
newtabgoogle - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\newtabgoogle@graememcc.co.uk.xpi FF Extension: searchy - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\searchy@searchy.xpi FF Extension: tineye - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\tineye@ideeinc.com.xpi FF Extension: No Name - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\Extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi FF Extension: Default - D:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] D:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! WebRep - D:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] D:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - D:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] D:\Users\Markus\AppData\Roaming\14001.008 FF Extension: Java Link Helper - D:\Users\Markus\AppData\Roaming\14001.008 FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\firejump@firejump.net FF Extension: FireJump - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\firejump@firejump.net FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\extension@preispilot.com FF Extension: Preispilot - D:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\jp50mafs.default\extensions\extension@preispilot.com ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-09-06] (AVAST Software) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) S3 McComponentHostService; D:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) R4 SearchAnonymizer; D:\Users\Markus\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-11-23] () S3 TunngleService; c:\spiele\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software) R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software) R1 aswRdr; D:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software) R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software) R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software) R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software) R2 NPF_devolo; D:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies) R1 Serial; D:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R0 sptd; D:\Windows\System32\Drivers\sptd.sys [834544 2011-10-20] () R3 tap0901t; D:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) U3 a8i9jwwt; D:\Windows\System32\Drivers\a8i9jwwt.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-18 18:38 - 2013-07-18 18:38 - 00000000 ____D D:\FRST 2013-07-18 18:30 - 2013-07-18 18:31 - 00026012 _____ D:\Users\Markus\Desktop\Addition.txt 2013-07-18 17:35 - 2013-07-18 17:24 - 01778209 _____ (Farbar) D:\Users\Markus\Desktop\FRST64.exe 2013-07-12 03:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll 2013-07-12 03:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesysprep.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll 2013-07-12 03:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) 
D:\Windows\SysWOW64\iernonce.dll 2013-07-12 03:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll 2013-07-12 03:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) D:\Windows\system32\jscript.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) D:\Windows\system32\iesysprep.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll 2013-07-12 03:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll 2013-07-12 03:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 03:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) D:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 03:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb 2013-07-12 03:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb 2013-07-11 21:13 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) 
D:\Windows\system32\qedit.dll 2013-07-11 21:13 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\qedit.dll 2013-07-11 21:13 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) D:\Windows\system32\WMVDECOD.DLL 2013-07-11 21:13 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) D:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 21:12 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys 2013-07-11 21:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) D:\Windows\SysWOW64\DWrite.dll 2013-07-11 21:12 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) D:\Windows\system32\DWrite.dll 2013-07-07 22:35 - 2013-07-07 22:35 - 00042311 _____ D:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D D:\Users\Markus\Desktop\1.8 2013-07-03 09:04 - 2013-07-03 09:04 - 64922258 _____ D:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 16:32 - 2013-07-01 16:32 - 00000000 ____D D:\Program Files (x86)\AGEIA Technologies 2013-07-01 16:30 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) D:\Windows\system32\nvoglv64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) D:\Windows\system32\nvcompiler.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvoglv32.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcompiler.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) D:\Windows\system32\Drivers\nvlddmkm.sys 2013-07-01 16:30 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuda.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuda.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) D:\Windows\system32\nvopencl.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) 
D:\Windows\SysWOW64\nvopencl.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvid.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvid.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvenc.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvenc.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispco6432049.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispgenco6432049.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) D:\Windows\system32\NvFBC64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) D:\Windows\system32\NvIFR64.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvIFR.dll 2013-07-01 16:30 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvFBC.dll 2013-07-01 16:29 - 2013-07-01 16:29 - 00000000 ____D D:\NVIDIA 2013-07-01 16:28 - 2013-07-01 16:28 - 00000000 ____D D:\Users\Markus\AppData\Local\NVIDIA 2013-06-30 12:33 - 2013-06-30 12:33 - 84167392 _____ D:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 12:32 - 2013-06-30 12:32 - 00000000 ____D D:\Windows\System32\Tasks\Games 2013-06-29 11:59 - 2013-06-29 12:00 - 14925176 _____ (Last.fm ) D:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 21:01 - 2013-06-24 21:01 - 01720508 _____ D:\Users\Markus\troll.wav 2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvStreaming.exe 2013-06-19 20:34 - 2013-06-19 20:34 - 55854060 _____ D:\Users\Markus\Downloads\Werkstofftechnik Dani.rar ==================== One Month Modified Files and Folders ======= 2013-07-18 19:01 - 2011-10-16 21:17 - 00000000 ____D 
D:\Users\Markus\AppData\Roaming\Skype 2013-07-18 18:52 - 2011-10-18 15:45 - 00000000 ____D D:\Users\Markus\AppData\Roaming\TS3Client 2013-07-18 18:38 - 2013-07-18 18:38 - 00000000 ____D D:\FRST 2013-07-18 18:35 - 2012-01-05 22:23 - 00000000 ____D D:\Windows\pss 2013-07-18 18:35 - 2009-07-14 06:45 - 00022032 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-18 18:35 - 2009-07-14 06:45 - 00022032 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-18 18:31 - 2013-07-18 18:30 - 00026012 _____ D:\Users\Markus\Desktop\Addition.txt 2013-07-18 18:31 - 2011-10-16 21:16 - 00000000 ____D D:\Users\Markus\AppData\Roaming\TeraCopy 2013-07-18 18:29 - 2011-10-16 20:38 - 00000000 ____D D:\Users\Markus\AppData\Roaming\Dropbox 2013-07-18 18:28 - 2009-07-14 07:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT 2013-07-18 18:27 - 2011-11-03 01:24 - 00000000 ____D D:\ProgramData\NVIDIA 2013-07-18 18:27 - 2009-07-14 06:51 - 00399344 _____ D:\Windows\setupact.log 2013-07-18 17:29 - 2011-10-16 20:04 - 01236006 _____ D:\Windows\WindowsUpdate.log 2013-07-18 17:24 - 2013-07-18 17:35 - 01778209 _____ (Farbar) D:\Users\Markus\Desktop\FRST64.exe 2013-07-18 17:01 - 2009-07-14 06:45 - 00024576 _____ D:\Windows\system32\umstartup.etl 2013-07-18 16:16 - 2011-10-16 21:26 - 00000000 ____D D:\Users\Markus\AppData\Local\PMB Files 2013-07-18 16:16 - 2011-10-16 21:26 - 00000000 ____D D:\ProgramData\PMB Files 2013-07-16 02:04 - 2012-11-09 13:29 - 00000000 ____D D:\Users\Markus\AppData\Local\CrashDumps 2013-07-15 00:00 - 2012-01-09 15:36 - 00000000 ____D D:\Users\Markus\AppData\Local\PokerStars.EU 2013-07-14 23:54 - 2012-01-28 12:59 - 00732160 ___SH D:\Users\Markus\Thumbs.db 2013-07-14 23:53 - 2011-10-16 20:33 - 00000000 ____D D:\Users\Markus 2013-07-12 11:05 - 2009-07-14 06:45 - 00294952 _____ D:\Windows\system32\FNTCACHE.DAT 2013-07-12 11:04 - 2013-03-13 19:06 - 00000000 ____D D:\Program 
Files\Microsoft Silverlight 2013-07-12 11:04 - 2013-03-13 19:06 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight 2013-07-12 03:10 - 2011-04-12 09:55 - 00000000 ____D D:\Program Files\Windows Journal 2013-07-12 03:10 - 2009-07-14 07:32 - 00000000 ____D D:\Program Files\Windows Defender 2013-07-12 03:10 - 2009-07-14 07:32 - 00000000 ____D D:\Program Files (x86)\Windows Defender 2013-07-09 17:06 - 2011-10-16 20:38 - 00000000 ____D D:\Program Files (x86)\Mozilla Thunderbird 2013-07-09 16:52 - 2012-09-26 15:33 - 00000000 ____D D:\Users\Markus\Documents\Guild Wars 2 2013-07-07 22:35 - 2013-07-07 22:35 - 00042311 _____ D:\Users\Markus\Downloads\TS3MusicBot-plugin.rar 2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D D:\Users\Markus\Desktop\1.8 2013-07-03 09:04 - 2013-07-03 09:04 - 64922258 _____ D:\Users\Markus\Desktop\Werkstofftechnik.zip 2013-07-01 16:32 - 2013-07-01 16:32 - 00000000 ____D D:\Program Files (x86)\AGEIA Technologies 2013-07-01 16:32 - 2011-11-03 01:24 - 00000000 ____D D:\Program Files (x86)\NVIDIA Corporation 2013-07-01 16:29 - 2013-07-01 16:29 - 00000000 ____D D:\NVIDIA 2013-07-01 16:28 - 2013-07-01 16:28 - 00000000 ____D D:\Users\Markus\AppData\Local\NVIDIA 2013-07-01 16:24 - 2011-11-03 01:23 - 00000000 ____D D:\ProgramData\NVIDIA Corporation 2013-06-30 12:53 - 2012-01-17 14:11 - 00000000 ____D D:\Users\Markus\Documents\BattleForge 2013-06-30 12:33 - 2013-06-30 12:33 - 84167392 _____ D:\Users\Markus\Downloads\BattleForgeInstall.exe 2013-06-30 12:32 - 2013-06-30 12:32 - 00000000 ____D D:\Windows\System32\Tasks\Games 2013-06-29 12:00 - 2013-06-29 11:59 - 14925176 _____ (Last.fm ) D:\Users\Markus\Downloads\Last.fm-2.1.35.exe 2013-06-24 21:01 - 2013-06-24 21:01 - 01720508 _____ D:\Users\Markus\troll.wav 2013-06-23 00:20 - 2013-01-17 18:18 - 00000000 ____D D:\Users\Markus\Documents\Euro Truck Simulator 2 2013-06-21 14:06 - 2013-07-01 16:30 - 27781920 _____ (NVIDIA Corporation) D:\Windows\system32\nvoglv64.dll 2013-06-21 14:06 - 2013-07-01 
16:30 - 25256224 _____ (NVIDIA Corporation) D:\Windows\system32\nvcompiler.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 21102368 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvoglv32.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 17560352 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcompiler.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 11235104 _____ (NVIDIA Corporation) D:\Windows\system32\Drivers\nvlddmkm.sys 2013-06-21 14:06 - 2013-07-01 16:30 - 09239344 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuda.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 07687592 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuda.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 07641832 _____ (NVIDIA Corporation) D:\Windows\system32\nvopencl.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 06324360 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvopencl.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02953504 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvid.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02777888 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvid.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02363680 _____ (NVIDIA Corporation) D:\Windows\system32\nvcuvenc.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 02002720 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvcuvenc.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 01832224 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispco6432049.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 01511712 _____ (NVIDIA Corporation) D:\Windows\system32\nvdispgenco6432049.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00572704 _____ (NVIDIA Corporation) D:\Windows\system32\NvFBC64.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00570656 _____ (NVIDIA Corporation) D:\Windows\system32\NvIFR64.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00467232 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvIFR.dll 2013-06-21 14:06 - 2013-07-01 16:30 - 00465184 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\NvFBC.dll 2013-06-21 14:06 - 2013-02-26 00:32 - 13411896 _____ (NVIDIA Corporation) 
D:\Windows\SysWOW64\nvwgf2um.dll 2013-06-21 14:06 - 2012-02-21 19:45 - 15144928 _____ (NVIDIA Corporation) D:\Windows\system32\nvd3dumx.dll 2013-06-21 14:06 - 2012-02-21 19:45 - 02597856 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvapi.dll 2013-06-21 14:06 - 2011-05-21 07:01 - 02936208 _____ (NVIDIA Corporation) D:\Windows\system32\nvapi64.dll 2013-06-21 14:06 - 2011-05-21 07:01 - 00021578 _____ D:\Windows\system32\nvinfo.pb 2013-06-21 14:06 - 2009-07-13 23:59 - 15920536 _____ (NVIDIA Corporation) D:\Windows\system32\nvwgf2umx.dll 2013-06-21 14:06 - 2009-06-10 22:37 - 12427240 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvd3dum.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 06496544 _____ (NVIDIA Corporation) D:\Windows\system32\nvcpl.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 03514656 _____ (NVIDIA Corporation) D:\Windows\system32\nvsvc64.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 02555680 _____ (NVIDIA Corporation) D:\Windows\system32\nvsvcr.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 00884512 _____ (NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe 2013-06-21 12:23 - 2011-11-03 01:24 - 00237856 _____ (NVIDIA Corporation) D:\Windows\system32\nvmctray.dll 2013-06-21 12:23 - 2011-11-03 01:24 - 00063776 _____ (NVIDIA Corporation) D:\Windows\system32\nvshext.dll 2013-06-21 05:16 - 2013-06-21 05:16 - 00566048 _____ (NVIDIA Corporation) D:\Windows\SysWOW64\nvStreaming.exe 2013-06-20 20:08 - 2011-04-12 09:43 - 01711148 _____ D:\Windows\system32\perfh007.dat 2013-06-20 20:08 - 2011-04-12 09:43 - 00464978 _____ D:\Windows\system32\perfc007.dat 2013-06-20 20:08 - 2009-07-14 07:13 - 00006458 _____ D:\Windows\system32\PerfStringBackup.INI 2013-06-19 20:34 - 2013-06-19 20:34 - 55854060 _____ D:\Users\Markus\Downloads\Werkstofftechnik Dani.rar ==================== Bamital & volsnap Check ================= D:\Windows\System32\winlogon.exe => MD5 is legit D:\Windows\System32\wininit.exe => MD5 is legit D:\Windows\SysWOW64\wininit.exe => MD5 is legit D:\Windows\explorer.exe => MD5 
is legit D:\Windows\SysWOW64\explorer.exe => MD5 is legit D:\Windows\System32\svchost.exe => MD5 is legit D:\Windows\SysWOW64\svchost.exe => MD5 is legit D:\Windows\System32\services.exe => MD5 is legit D:\Windows\System32\User32.dll => MD5 is legit D:\Windows\SysWOW64\User32.dll => MD5 is legit D:\Windows\System32\userinit.exe => MD5 is legit D:\Windows\SysWOW64\userinit.exe => MD5 is legit D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 09:40 ==================== End Of Log ============================ |
Need fixlist for Farbar Yes, not everything is right there yet. Step 1 Please download
Step 2 Scan with Combofix
Step 3 Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
Need fixlist for Farbar Hi, I haven't received a reply from you for quite a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume that the matter has been resolved and will remove the thread from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a new infection possible.
__________________ cheers, Leo |
Need fixlist for Farbar Missing feedback This thread has been removed from my subscriptions. I will therefore no longer receive notifications about new replies. Send me a PM if you want to continue the thread after all. Then we will carry on here. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |
