Infected by the GVU Trojan (Win7)
20.07.2013, 00:13 | #1
Hello, I have the following problem: on 17.07, when logging into a user account (not the admin account), the GVU Trojan appeared. Luckily I was still able to log in normally as the admin. I kept the PC disconnected from power for the last three days and registered here today right away.

What I have done so far on my own:

1. Deleted an .exe dated 17.07. As a result the "GVU" message no longer appeared after logging in; instead the process stopped at the point where a kind of Windows window (black background, white text) appears. It said something about X.exe (X = an arbitrary combination of letters) not being able to be executed.
2. Ran a Malwarebytes scan, but aborted it in order to start the steps required for a forum post so that I can still finish the thread today.

I am now wondering how I can completely remove this Trojan(?), what risks it has created, and how I can feel completely safe again. Thanks for your help!

Attachment 58052
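A read-only check a helper would run on a machine like this one, added here as an example (it is not code from the thread or from the OTL tool): it lists the autostart locations a Windows 7 lock-screen trojan typically uses and flags entries whose target file has already been deleted, which is exactly what produces the "X.exe could not be executed" window once the .exe alone has been removed. It assumes PowerShell 3.0 or later; the HKCU keys it reads belong to the account running it, so run it while logged in as the affected (non-admin) account to see that account's entries.

```powershell
# Added example, not from the thread or the OTL tool: read-only inventory of the
# autostart locations used by Windows 7 lock-screen trojans. Assumes PowerShell 3.0+.

# Run/RunOnce keys: machine-wide (64-bit and WOW64 views) and current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Extract the executable from a Run value such as
    #   "C:\Users\K\AppData\Roaming\abcd.exe" /silent   or   rundll32.exe x.dll,Y
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { $target = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $target = $Matches[1] }
    else { $target = ($cmd -split '\s+')[0] }
    # A bare file name is resolved through PATH, as the loader would do it.
    if ($target -and $target -notmatch '[\\/]') {
        $found = Get-Command $target -ErrorAction SilentlyContinue
        if ($found) { $target = $found.Path }
    }
    return $target
}

function Get-Status($Target) {
    if ($Target -and (Test-Path -LiteralPath $Target)) { 'present' } else { 'MISSING' }
}

function New-Finding($Location, $Name, $Command, $Target, $Status) {
    [pscustomobject]@{
        Location = $Location; Name = $Name; Command = $Command
        Target = $Target; Status = $Status
    }
}

$findings = @()

# 1. Run/RunOnce values whose target no longer exists are the classic leftover
#    after the malware .exe was deleted by hand.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }        # skip provider metadata
    foreach ($v in $values) {
        $target = Get-CommandTarget ([string]$v.Value)
        $findings += New-Finding $key $v.Name $v.Value $target (Get-Status $target)
    }
}

# 2. Startup folders: every file (or shortcut target) there runs at logon.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($f in (Get-ChildItem -LiteralPath $dir -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer })) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        $findings += New-Finding $dir $f.Name $f.FullName $target (Get-Status $target)
    }
}

# 3. Winlogon Shell/Userinit. Lock-screen malware replaces or appends to these so
#    that its window comes up instead of explorer.exe; HKCU\...\Winlogon\Shell
#    normally does not exist at all, so any per-user value is suspect.
$wlKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty "HKLM:\$wlKey"
$defaults = @{ Shell = '^explorer\.exe$'; Userinit = '^[a-z]:\\windows\\system32\\userinit\.exe,?$' }
foreach ($name in $defaults.Keys) {
    if ($wl.$name -match $defaults[$name]) { $status = 'default' } else { $status = 'NON-DEFAULT' }
    $findings += New-Finding "HKLM:\$wlKey" $name $wl.$name '' $status
}
$userWl = Get-ItemProperty "HKCU:\$wlKey" -ErrorAction SilentlyContinue
if ($userWl -and $userWl.PSObject.Properties['Shell']) {
    $target = Get-CommandTarget ([string]$userWl.Shell)
    $findings += New-Finding "HKCU:\$wlKey" 'Shell' $userWl.Shell $target 'NON-DEFAULT'
}

# 4. exefile handler. The default "%1" %* starts the .exe directly; anything else
#    routes every program launch through another binary first.
$exeCmd = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($exeCmd -eq '"%1" %*') { $status = 'default' } else { $status = 'NON-DEFAULT' }
$findings += New-Finding 'HKCR:\exefile\shell\open\command' '(default)' $exeCmd '' $status

# Anything flagged MISSING or NON-DEFAULT is sorted to the top of the table.
$findings | Sort-Object @{ Expression = { $_.Status -cmatch '^[A-Z]' }; Descending = $true } |
    Format-Table Status, Location, Name, Command -AutoSize -Wrap
```

A MISSING entry in a Run key or Startup folder is the dangling reference to look for; a NON-DEFAULT Shell, Userinit or exefile value means the launch path itself was changed and needs restoring, not just the file removed.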
20.07.2013, 09:02 | #2
the machine | TB instructor

Hi,

please post the logfiles in the thread rather than attaching them.
20.07.2013, 11:13 | #3
That is too many characters, though, and I get a message telling me to attach the logs as an archive? I'll simply split it into two posts.

By the way, can I use the PC while the problem is being worked on, or do I run the risk that e.g. login passwords etc. end up in the wrong hands?

Extras Code:

OTL Extras logfile created on: 20.07.2013 00:10:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = Z:\Trojaner Board Programme
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,57% Memory free
10,00 Gb Paging File | 7,98 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 3,71 Gb Free Space | 6,24% Space Free | Partition Type: NTFS
Drive G: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive R: | 135,72 Gb Total Space | 1,35 Gb Free Space | 1,00% Space Free | Partition Type: NTFS
Drive Z: | 97,75 Gb Total Space | 8,24 Gb Free Space | 8,43% Space Free | Partition Type: NTFS

Computer Name: CARPEDIEM | User Name: K | Logged in as Administrator.
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59 "Logitech Gaming Software" = Logitech Gaming Software 8.46 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET 
Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Pen Tablet Driver" = Bamboo "VLC media player" = VLC media player 2.0.6 "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E850E20-07C3-40E5-875B-9D7CC907D67A}" = Media Add-ons für Acronis True Image Home 2011 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011 "{30DD6255-BF58-4F07-AC03-68A73C5BCD5D}" = TP-LINK 150Mbps Mini Wireless N USB Adapter Driver "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass 
Effect™ 3 "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1" = SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. "{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "AMP WinOFF" = AMP WinOFF 5.0.1 "Bamboo Dock" = Bamboo Dock "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "Donald Duck" = Disneys Donald Duck "ESN Sonar-0.70.4" = ESN Sonar "Flashtool" = Flashtool "Fraps" = Fraps "Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "Guild Wars" = GUILD WARS "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "League of Legends 3.0.1" = League of Legends "LogMeIn Hamachi" = LogMeIn Hamachi "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "OpenAL" = OpenAL "Origin" = Origin "Picasa 3" = Picasa 3 "PrecisionX" = EVGA Precision X 3.0.4 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "SixaxisPairTool_is1" = SixaxisPairTool 0.2.3 "SpeedFan" = 
SpeedFan (remove only) "StarCraft II" = StarCraft II "Steam App 201790" = Orcs Must Die! 2 "Steam App 219850" = Torchlight II Demo "Steam App 49520" = Borderlands 2 "Steam App 570" = Dota 2 "Update Engine" = Sony Ericsson Update Engine "Update Service" = Sony Mobile Update Service "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.07.2013 16:55:39 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 17:26:14 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 17:37:19 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.07.2013 18:14:21 | Computer Name = CarpeDiem | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
[ System Events ] Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 19.07.2013 16:47:40 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIM SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf Error - 19.07.2013 16:48:44 | Computer Name = CarpeDiem | Source = DCOM | ID = 10005 Description = Error - 19.07.2013 16:52:11 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 19.07.2013 16:52:11 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.07.2013 18:09:56 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.07.2013 18:09:56 | Computer Name = CarpeDiem | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Code:
ATTFilter OTL logfile created on: 20.07.2013 00:10:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = Z:\Trojaner Board Programme 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,57% Memory free 10,00 Gb Paging File | 7,98 Gb Available in Paging File | 79,81% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 3,71 Gb Free Space | 6,24% Space Free | Partition Type: NTFS Drive G: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive R: | 135,72 Gb Total Space | 1,35 Gb Free Space | 1,00% Space Free | Partition Type: NTFS Drive Z: | 97,75 Gb Total Space | 8,24 Gb Free Space | 8,43% Space Free | Partition Type: NTFS Computer Name: CARPEDIEM | User Name: K | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.19 23:19:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- Z:\Trojaner Board Programme\OTL.exe PRC - [2013.07.06 13:15:38 | 000,920,472 | ---- | M] (Mozilla Corporation) -- R:\Mozilla\firefox.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\K\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.02.14 08:05:44 | 000,523,264 | ---- | M] (LOL Replay) -- Z:\LOLReplay\LOLRecorder.exe PRC - [2013.02.11 03:24:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.12 15:22:38 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- Z:\Hamachi\hamachi-2-ui.exe PRC - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe PRC - [2012.10.08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programme\Tablet\Pen\WacomHost.exe PRC - [2012.06.12 01:12:43 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.09.22 22:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.09.22 22:20:44 | 005,587,832 | ---- | M] (Acronis) -- R:\Acronis\TrueImageHome\TrueImageMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 03:31:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll MOD - [2013.07.13 03:31:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll MOD - [2013.07.13 03:31:01 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll MOD - 
[2013.07.13 03:30:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.13 03:30:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.13 03:30:45 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll MOD - [2013.07.13 03:30:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.13 03:30:34 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.13 03:30:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.13 03:30:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.13 03:30:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.07.06 13:15:38 | 003,285,912 | ---- | M] () -- R:\Mozilla\mozjs.dll MOD - [2013.02.14 08:05:36 | 000,311,808 | ---- | M] () -- Z:\LOLReplay\LOLUtils.dll MOD - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll MOD - [2011.09.22 22:20:28 | 011,233,136 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.07.01 16:26:51 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai) SRV - [2013.06.12 14:45:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- R:\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.02.11 03:24:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.11.14 14:45:32 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon) SRV - [2012.11.12 15:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- Z:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.09.20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- R:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.08.25 04:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.12 01:12:43 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.09.22 22:21:28 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - 
[2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.25 12:39:04 | 000,052,320 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2013.06.24 22:47:38 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2013.06.19 14:28:05 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.05 04:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 00:47:52 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013.01.22 00:47:52 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013.01.17 21:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.10.12 09:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.06.12 01:12:43 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.06.12 01:12:41 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.06.12 01:12:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.06.12 01:12:38 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.05.11 01:02:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.22 21:55:36 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.02.22 21:55:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 11:13:10 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.25 21:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.30 14:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.07.10 02:11:59 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.016\ex64.sys -- (NAVEX15)
DRV - [2013.07.10 02:11:59 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.016\eng64.sys -- (NAVENG)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.10.23 19:05:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130718.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.09 14:54:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 45 88 C5 C2 EE CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: Z:\Java\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: Z:\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.07.20 00:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012.10.24 18:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: R:\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: R:\Mozilla\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: R:\Mozilla\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: R:\Mozilla\plugins [2013.07.06 13:15:35 | 000,000,000 | ---D | M]

[2012.01.30 21:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Extensions
[2013.07.10 13:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\4xh1b7px.default\extensions
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\4xh1b7px.default\extensions\plugin@getwebcake.com
[2012.12.08 15:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions
[2012.01.30 21:40:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\plugin@getwebcake.com
[2013.06.20 00:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions
[2013.05.10 12:19:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\plugin@getwebcake.com
[2013.07.10 13:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\zlh6tra1.default\extensions
[2013.07.10 14:19:17 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\K\AppData\Roaming\mozilla\Firefox\Profiles\zlh6tra1.default\extensions\plugin@getwebcake.com
[2013.07.03 12:37:57 | 000,671,953 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ij9ke9cb.Test\extensions\webbooster@iminent.com.xpi
[2013.06.20 00:23:05 | 000,043,476 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\privateTab@infocatcher.xpi
[2013.06.08 22:26:16 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.06.13 11:52:40 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.04.18 01:11:12 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.12.23 16:23:36 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012.12.12 18:38:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.10 12:19:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\ntwhzn6q.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] R:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] Z:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] R:\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{500A26D3-82C5-42F1-9127-7CA9DE21A49A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CE1F40-6735-444F-BB85-4A94F59AB7F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - R:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,766 | R--- | M] () - G:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,045 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell - "" = AutoRun
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{09595dbc-48d3-11e1-ab79-002522d5e445}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0cf3f0ef-484e-11e1-a8fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf3f0ef-484e-11e1-a8fb-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN)
O33 - MountPoints2\{14d72354-c938-11e2-b8d1-002522fa314a}\Shell - "" = AutoRun
O33 - MountPoints2\{14d72354-c938-11e2-b8d1-002522fa314a}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{c2be7f0f-5fd8-11e2-83a9-002522fa314a}\Shell - "" = AutoRun
O33 - MountPoints2\{c2be7f0f-5fd8-11e2-83a9-002522fa314a}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.19 23:03:51 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Malwarebytes
[2013.07.19 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.19 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 23:03:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.19 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.11 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.07.11 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.07.11 18:07:51 | 000,019,392 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2013.07.11 14:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013.07.11 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Local\PMB Files
[2013.07.11 14:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.07.11 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.07.11 14:34:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.07.11 14:32:03 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Riot Games
[2013.07.10 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\K\Local Settings
[2013.07.10 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.07.10 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Local\Programs
[2013.07.10 14:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.07.10 14:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsPal
[2013.07.10 13:57:56 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Iminent
[2013.07.10 13:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.07.10 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.07.10 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.07.10 13:57:25 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\WebCake
[2013.07.10 13:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.07.10 13:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.10 01:13:45 | 000,000,000 | ---D | C] -- B:\Eigene Dokumente\ANNO 1404 Venedig
[2013.07.10 00:51:50 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Ubisoft
[2013.07.10 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.07.09 23:47:52 | 000,000,000 | ---D | C] -- B:\Eigene Dokumente\Amazon Downloader Logs
[2013.06.25 12:38:10 | 000,076,384 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013.06.25 12:38:10 | 000,052,320 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013.06.25 12:36:46 | 000,067,680 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2013.06.25 12:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SixaxisPairTool
[2013.06.24 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
[2013.06.24 22:47:38 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2013.06.24 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\K\.swt
[2013.06.24 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\K\.android
[2013.06.24 14:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.06.24 14:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013.06.23 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.20 00:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 00:07:40 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 23:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 23:37:22 | 008,862,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.19 23:37:22 | 003,053,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.19 23:37:22 | 002,694,436 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.19 23:37:22 | 002,410,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.19 23:37:22 | 000,006,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.19 23:18:30 | 000,000,128 | ---- | M] () -- C:\Users\K\defogger_reenable
[2013.07.19 23:03:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.19 22:57:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 22:57:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 22:35:07 | 001,925,889 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013.07.17 22:55:43 | 000,163,062 | ---- | M] () -- C:\ProgramData\2433f433
[2013.07.13 03:26:58 | 005,035,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 22:43:24 | 000,276,148 | ---- | M] () -- B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp
[2013.07.11 14:42:03 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk
[2013.07.10 21:41:20 | 000,000,975 | ---- | M] () -- C:\Users\K\Desktop\Anno 1404.lnk
[2013.07.06 00:46:14 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.07.06 00:46:14 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.06 00:45:56 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.27 09:43:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.25 15:35:22 | 008,056,281 | ---- | M] () -- C:\Users\K\Desktop\RecoverX.zip
[2013.06.25 12:39:04 | 000,076,384 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2013.06.25 12:39:04 | 000,052,320 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2013.06.24 22:47:38 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2013.06.24 15:14:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013.06.24 14:21:59 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.24 10:59:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2013.06.23 18:56:56 | 000,000,681 | ---- | M] () -- C:\Users\K\Desktop\Update Service.lnk
[2013.06.20 12:19:36 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\VT20130115.021
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.19 23:18:30
| 000,000,128 | ---- | C] () -- C:\Users\K\defogger_reenable [2013.07.19 23:03:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.17 22:55:43 | 000,163,062 | ---- | C] () -- C:\ProgramData\2433f433 [2013.07.11 22:43:24 | 000,276,148 | ---- | C] () -- B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp [2013.07.11 14:34:20 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk [2013.07.10 21:41:20 | 000,000,975 | ---- | C] () -- C:\Users\K\Desktop\Anno 1404.lnk [2013.06.26 01:44:32 | 006,040,792 | ---- | C] () -- B:\Eigene Dokumente\com.android.vending-4.1.10.apk [2013.06.25 15:36:07 | 008,056,281 | ---- | C] () -- C:\Users\K\Desktop\RecoverX.zip [2013.06.25 12:38:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.06.24 15:14:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2013.06.24 14:21:59 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.24 10:59:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf [2013.06.23 18:56:56 | 000,000,681 | ---- | C] () -- C:\Users\K\Desktop\Update Service.lnk [2013.05.19 17:59:48 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2013.05.19 16:33:44 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2013.05.19 16:32:43 | 000,000,853 | ---- | C] () -- C:\Windows\disney.ini [2013.04.08 21:31:54 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll [2013.04.08 21:31:54 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2013.03.07 19:15:53 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.05.11 00:22:01 | 000,000,132 | ---- | C] () -- C:\Users\K\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.05.07 21:51:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.29 14:13:28 | 000,001,069 | ---- | C] () -- 
C:\Users\K\AppData\Roaming\EasyToolz.ini [2012.04.25 19:43:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.27 23:08:33 | 000,000,089 | ---- | C] () -- C:\Users\K\AppData\Local\fusioncache.dat [2012.02.27 23:07:56 | 001,619,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.18 19:14:31 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012.01.30 19:59:26 | 000,007,641 | ---- | C] () -- C:\Users\K\AppData\Local\Resmon.ResmonCfg [2012.01.30 19:02:03 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.30 19:02:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L [2012.07.28 22:32:43 | 000,002,048 | -HS- | M] () -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.28 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\.minecraft [2012.01.27 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Acronis [2012.07.11 17:32:07 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Akyn [2012.10.11 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Atari [2012.02.26 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Babylon [2012.05.04 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.07.23 12:28:34 | 000,000,000 | ---D | M] -- 
C:\Users\K\AppData\Roaming\Cool Record Edit Pro [2012.04.28 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\CPUControl [2012.05.11 01:01:53 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DAEMON Tools Lite [2012.05.10 23:39:06 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Dexpot [2013.05.13 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DVDVideoSoft [2013.02.14 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.23 11:46:28 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Free Sound Recorder [2013.07.10 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl [2013.07.10 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Iminent [2012.10.11 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Leadertech [2012.01.27 12:42:26 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LolClient [2012.06.02 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\LolClient2 [2012.08.01 00:08:28 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\MediaMonkey [2012.02.24 15:36:02 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Notepad++ [2012.07.11 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Ocusk [2013.06.04 13:20:05 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Origin [2013.04.13 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\PDAppFlex [2012.10.10 17:36:06 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\ProtectDISC [2012.11.10 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\RIFT [2013.07.11 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Riot Games [2013.01.16 17:34:24 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Sony [2013.04.16 23:35:54 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TeamViewer [2012.07.28 22:45:47 | 000,000,000 | ---D | M] -- 
C:\Users\K\AppData\Roaming\Tific [2013.05.20 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Tropico 4 Demo [2012.06.20 19:14:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TrueCrypt [2013.07.13 23:12:00 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\TS3Client [2013.07.10 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Ubisoft [2013.04.13 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Wacom [2013.04.13 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2013.07.10 14:19:17 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\WebCake [2012.10.06 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\Wildlife Park 2 [2012.07.28 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\K\AppData\Roaming\xsecva ========== Purity Check ========== < End of report > Geändert von HalloX1990 (20.07.2013 um 11:19 Uhr) |
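A small triage pass over the OTL file listings above, as an added example (this is editor-written code, not part of OTL, GMER or the poster's log). It parses OTL's bracketed entries (timestamp, size, RHSD attribute flags, C/M, optional company, path) and flags the ones an analyst would open first: anything timestamped in a window around the reported infection date, a hex-named file dropped directly into ProgramData or AppData (the `C:\ProgramData\2433f433` entry from 17.07. fits that), hidden+system `@`/`L`/`U` entries under a GUID-named folder (the pattern OTL's own "ZeroAccess Check" section looks for), and a 32-letter a-p folder name, which is the shape of a Chrome extension id. The incident date, the one-day window, the heuristics themselves and the `SAMPLE_LOG` excerpt (lines copied from the log above) are assumptions made for this example; a hit means "look at this", not a verdict.

```python
"""Heuristic triage of OTL file-list entries (added example, not from the thread)."""
import re
from datetime import date, datetime, timedelta

# Constructed sample input: lines taken verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
[2013.07.19 23:03:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.17 22:55:43 | 000,163,062 | ---- | M] () -- C:\ProgramData\2433f433
[2013.07.13 03:26:58 | 005,035,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
[2012.07.28 22:32:43 | 000,002,048 | -HS- | M] () -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# OTL entry layout: [timestamp | size | RHSD flags | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")   # names like 2433f433
CHROME_ID_RE = re.compile(r"^[a-p]{32}$")     # Chrome extension ids use letters a-p only

# Assumed incident date (the day the lock screen first appeared, per the thread).
INCIDENT_DAY = date(2013, 7, 17)

IN_WINDOW = "timestamp inside the incident window"
HEX_NAME = "hex-named file directly under ProgramData/AppData"
GUID_HS = "hidden+system '@'/'L'/'U' entry under a GUID-named folder"
EXT_ID = "32-letter a-p name (Chrome extension id pattern)"


def parse_entries(text):
    """Return one dict per OTL bracketed entry; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        parts = path.split("\\")
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],                 # R/H/S/D flags, '-' where unset
            "kind": m["kind"],                 # C = created, M = modified
            "company": m["company"] or "",
            "path": path,
            "name": parts[-1],
            "parent": parts[-2] if len(parts) > 1 else "",
        })
    return entries


def reasons_for(entry, incident_day=INCIDENT_DAY):
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    reasons = []
    # Window: the day before the incident through the day after it (assumption).
    start = datetime.combine(incident_day, datetime.min.time()) - timedelta(days=1)
    if start <= entry["ts"] < start + timedelta(days=3):
        reasons.append(IN_WINDOW)
    if HEX_NAME_RE.match(entry["name"]) and entry["parent"].lower() in {
        "programdata", "local", "roaming", "temp"
    }:
        reasons.append(HEX_NAME)
    if (entry["name"] in {"@", "L", "U"} and GUID_RE.match(entry["parent"])
            and "H" in entry["attr"] and "S" in entry["attr"]):
        reasons.append(GUID_HS)
    if CHROME_ID_RE.match(entry["name"]):
        reasons.append(EXT_ID)
    return reasons


def triage(text, incident_day=INCIDENT_DAY):
    """Return [(path, [reasons])] for every flagged entry, newest first."""
    flagged = []
    for e in sorted(parse_entries(text), key=lambda x: x["ts"], reverse=True):
        why = reasons_for(e, incident_day)
        if why:
            flagged.append((e["path"], why))
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(path + "\n    " + "; ".join(why))
```

Run it against the whole OTL text and the window check alone narrows hundreds of lines to the handful written on the day of the lock screen; the other three checks are independent of the date and catch the long-lived items. Anything it flags still needs the usual follow-up (hash the file, check its signer, look at who references it in the O4/O20 lines) before it is deleted.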
20.07.2013, 19:12 | #4 |
| Infected by GVU trojan (Win7) GMER log:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-20 00:45:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000079 M4-CT064 rev.0009 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\K\AppData\Local\Temp\uwlyypoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a88a9d1}
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000075a05a1d  7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000075a05c9b  7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000075a05d87  7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240  7 bytes JMP 0000000100280e6e
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[532]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 00000001002904bc
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010015091c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100150048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001001502ee
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001001504b2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001001509fe
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100150ae0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010015012a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100150758
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100150676
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001001503d0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100150594
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010015083a
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010015020c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 000000010016059e
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100150f52
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100160210
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100160048
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a75a9d1}
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100150ca6
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000075a05a1d  7 bytes JMP 00000001001603d8
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000075a05c9b  7 bytes JMP 000000010016012c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000075a05d87  7 bytes JMP 00000001001602f4
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2008]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240  7 bytes JMP 0000000100150e6e
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010018091c
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100180048
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001001802ee
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001001804b2
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001001809fe
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100180ae0
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010018012a
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100180758
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100180676
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001001803d0
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100180594
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010018083a
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010018020c
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100180f52
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100190210
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100190048
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a78a9d1}
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100180ca6
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000075a05a1d  7 bytes JMP 00000001001903d8
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000075a05c9b  7 bytes JMP 000000010019012c
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000075a05d87  7 bytes JMP 00000001001902f4
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240  7 bytes JMP 0000000100180e6e
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1140]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 000000010019059e
.text  C:\Windows\SysWOW64\svchost.exe[1456]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000768f1465  2 bytes [8F, 76]
.text  C:\Windows\SysWOW64\svchost.exe[1456]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768f14bb  2 bytes [8F, 76]
.text  ...  * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010023091c
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100230048
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001002302ee
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001002304b2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001002309fe
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100230ae0
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010023012a
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100230758
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100230676
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001002303d0
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100230594
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010023083a
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010023020c
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 000000010024059e
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100230f52
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100240210
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100240048
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a83a9d1}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100230ca6
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000075a05a1d  7 bytes JMP 00000001002403d8
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000075a05c9b  7 bytes JMP 000000010024012c
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000075a05d87  7 bytes JMP 00000001002402f4
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240  7 bytes JMP 0000000100230e6e
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000072361a22  2 bytes [36, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000072361ad0  2 bytes [36, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000072361b08  2 bytes [36, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000072361bba  2 bytes [36, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000072361bda  2 bytes [36, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000768f1465  2 bytes [8F, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2284]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000768f14bb  2 bytes [8F, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010028091c
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100280048
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001002802ee
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001002804b2
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001002809fe
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100280ae0
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010028012a
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100280758
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100280676
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001002803d0
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100280594
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010028083a
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010028020c
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100280f52
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100290210
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100290048
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a88a9d1}
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100280ca6
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382  0000000075a05a1d  7 bytes JMP 00000001002903d8
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370  0000000075a05c9b  7 bytes JMP 000000010029012c
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231  0000000075a05d87  7 bytes JMP 00000001002902f4
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000075a07240  7 bytes JMP 0000000100280e6e
.text  C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1796]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 000000010029059e
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess  0000000077e0fc90  5 bytes JMP 000000010023091c
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077e0fdf4  5 bytes JMP 0000000100230048
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent  0000000077e0fe88  5 bytes JMP 00000001002302ee
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThread  0000000077e0ffe4  5 bytes JMP 00000001002304b2
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077e10018  5 bytes JMP 00000001002309fe
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtResumeThread  0000000077e10048  5 bytes JMP 0000000100230ae0
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread  0000000077e10064  5 bytes JMP 000000010002004c
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant  0000000077e1077c  5 bytes JMP 000000010023012a
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077e1086c  5 bytes JMP 0000000100230758
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx  0000000077e10884  5 bytes JMP 0000000100230676
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver  0000000077e10dd4  5 bytes JMP 00000001002303d0
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread  0000000077e11900  5 bytes JMP 0000000100230594
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation  0000000077e11bc4  5 bytes JMP 000000010023083a
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread  0000000077e11d50  5 bytes JMP 000000010023020c
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882  0000000077151492  7 bytes JMP 000000010024059e
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206  0000000075a0524f  7 bytes JMP 0000000100230f52
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380  0000000075a053d0  7 bytes JMP 0000000100240210
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149  0000000075a05677  1 byte JMP 0000000100240048
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151  0000000075a05679  5 bytes {JMP 0xffffffff8a83a9d1}
.text  C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288]  C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542  0000000075a0589a  7 bytes JMP 0000000100230ca6
.text
C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002403d8 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010024012c .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002402f4 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100230e6e .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768f1465 2 bytes [8F, 76] .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768f14bb 2 bytes [8F, 76] .text ... * 2 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 00000001001c091c .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 00000001001c0048 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001001c02ee .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001001c04b2 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001001c09fe .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 00000001001c0ae0 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010002004c .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 00000001001c012a .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 00000001001c0758 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 00000001001c0676 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001001c03d0 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 00000001001c0594 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 00000001001c083a .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 00000001001c020c .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 00000001001d059e .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 00000001001c0f52 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 00000001001d0210 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 00000001001d0048 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 
0000000075a05679 5 bytes {JMP 0xffffffff8a7ca9d1} .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 00000001001c0ca6 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001001d03d8 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 00000001001d012c .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001001d02f4 .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 00000001001c0e6e .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768f1465 2 bytes [8F, 76] .text C:\Users\K\AppData\Local\Akamai\netsession_win.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768f14bb 2 bytes [8F, 76] .text ... * 2 .text Z:\LOLReplay\LOLRecorder.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768f1465 2 bytes [8F, 76] .text Z:\LOLReplay\LOLRecorder.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768f14bb 2 bytes [8F, 76] .text ... 
* 2 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010025091c .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100250048 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002502ee .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002504b2 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002509fe .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100250ae0 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010003004c .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010025012a .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100250758 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100250676 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002503d0 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100250594 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010025083a .text 
R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010025020c .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100250f52 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 0000000100260210 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 0000000100260048 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a85a9d1} .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100250ca6 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002603d8 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010026012c .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002602f4 .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100250e6e .text R:\Acronis\TrueImageHome\TrueImageMonitor.exe[4248] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 000000010026059e .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010024091c .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100240048 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002402ee .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002404b2 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002409fe .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100240ae0 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010002004c .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010024012a .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100240758 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100240676 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002403d0 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100240594 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010024083a .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010024020c .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 
7 bytes JMP 000000010025059e .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100240f52 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 0000000100250210 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 0000000100250048 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a84a9d1} .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100240ca6 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002503d8 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010025012c .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002502f4 .text C:\Program Files\Tablet\Pen\WacomHost.exe[4792] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100240e6e .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010028091c .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100280048 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002802ee .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002804b2 
.text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002809fe .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100280ae0 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010002004c .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010028012a .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100280758 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100280676 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002803d0 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100280594 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010028083a .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010028020c .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 000000010029059e .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100280f52 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 0000000100290210 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 0000000100290048 .text Z:\Hamachi\hamachi-2-ui.exe[4828] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a88a9d1} .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100280ca6 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002903d8 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010029012c .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002902f4 .text Z:\Hamachi\hamachi-2-ui.exe[4828] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010029091c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100290048 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002902ee .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002904b2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002909fe .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100290ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 
bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010029012a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100290758 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100290676 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002903d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100290594 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010029083a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010029020c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100290f52 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 00000001002a0048 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a89a9d1} .text C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100290ca6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002a03d8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 00000001002a012c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002a02f4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100290e6e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4992] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 00000001002a059e .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100280ae0 
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a88a9d1} .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] 
C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 0000000100290762 .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768f1465 2 bytes [8F, 76] .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768f14bb 2 bytes [8F, 76] .text ... 
* 2 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e0fc90 5 bytes JMP 000000010028091c .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e0fdf4 5 bytes JMP 0000000100280048 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e0fe88 5 bytes JMP 00000001002802ee .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e0ffe4 5 bytes JMP 00000001002804b2 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e10018 5 bytes JMP 00000001002809fe .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e10048 5 bytes JMP 0000000100280ae0 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e10064 5 bytes JMP 000000010002004c .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e1077c 5 bytes JMP 000000010028012a .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e1086c 5 bytes JMP 0000000100280758 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e10884 5 bytes JMP 0000000100280676 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e10dd4 5 bytes JMP 00000001002803d0 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e11900 5 bytes JMP 0000000100280594 .text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e11bc4 5 bytes JMP 000000010028083a 
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e11d50 5 bytes JMP 000000010028020c
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075a0524f 7 bytes JMP 0000000100280f52
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075a053d0 7 bytes JMP 0000000100290210
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075a05677 1 byte JMP 0000000100290048
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075a05679 5 bytes {JMP 0xffffffff8a88a9d1}
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075a0589a 7 bytes JMP 0000000100280ca6
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075a05a1d 7 bytes JMP 00000001002903d8
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075a05c9b 7 bytes JMP 000000010029012c
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075a05d87 7 bytes JMP 00000001002902f4
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075a07240 7 bytes JMP 0000000100280e6e
.text Z:\Trojaner Board Programme\gmer_2.1.19163.exe[2500] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077151492 7 bytes JMP 00000001002904bc

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5784] 000007fefc0e2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5812] 000007feee43d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5844] 000007feee43d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5848] 000007feee43d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5440] 000007feee3d9730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5236:5520] 000007feee43d618

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
K :: CARPEDIEM [administrator]

Protection: Enabled

19.07.2013 23:05:25
mbam-log-2013-07-19 (23-05-25).txt

Scan type: Full scan (B:\|C:\|R:\|Z:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343728
Time elapsed: 1 hour(s), 34 second(s) [Aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
B:\$RECYCLE.BIN\S-1-5-21-2664304544-449774840-1103248043-1012\$RBGGZQ9.exe (Adware.Agent) -> Quarantined and deleted successfully.
B:\$RECYCLE.BIN\S-1-5-21-2664304544-449774840-1103248043-1012\$RSKYHPH.exe (Adware.Agent) -> Quarantined and deleted successfully.
B:\Eigene Dokumente\PSP+PC Sachen\PC\Microsoft Office\Microsoft.Office.Professional.Plus.2010.x64.German.VL.Edition-Bart\Dox\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Orcs Must Die!\TDU5k.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\K\AppData\Local\Temp\7iZwaIMT.zip.part (Malware.Packer.RH1Gen) -> Quarantined and deleted successfully.

(end)

1. Can the trojan (and everything it may have dragged along with it) be completely removed by formatting all hard drives?
2. If so, is there a way to back up my own files (music, documents, etc.) without the risk of carrying malware along? It may also be relevant that I keep the Download/Music/Pictures/Documents/Videos folders on a different hard drive from my operating system and my programs.

Last edited by HalloX1990 (20.07.2013 at 19:21) |
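The backup question above is worth a concrete check. The MBAM scan in the same post found executables on the data drive B:\ (a keygen, a modified-UPX-packed game .exe and two .exe files in the recycle bin), so a "data only" backup of such a drive should leave out anything executable rather than trust extensions or folder names. The script below is an added example, not code from the thread or from any of the tools used in it; it walks a directory tree and reports files to exclude, by extension (programs, scripts, shortcuts, autorun.inf) and by content (anything that starts with the MZ header of a Windows executable, whatever it is named). The sample tree it scans is constructed for the demonstration; the folder and file names are assumptions.

```python
"""List files in a backup staging tree that could carry an infection.

Added example for this thread, not code from the thread or from MBAM,
AdwCleaner, JRT or FRST. It assumes a data-only backup of personal folders
that live on a separate drive: anything executable by content or by
extension is reported so it can be left out and rebuilt or scanned later.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Extensions Windows will execute, or that launch something when opened.
RISKY_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".cpl", ".sys", ".msi",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1",
    ".hta", ".jar", ".reg", ".lnk", ".url",
}
# Names acted on automatically when a volume is mounted.
RISKY_NAMES = {"autorun.inf"}


def is_pe_by_content(path: Path) -> bool:
    """True if the file starts with the 'MZ' header of a Windows executable,
    which catches a program renamed to look like a picture or document."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def classify(path: Path) -> Optional[str]:
    """Return why the file should be excluded from a data backup, or None."""
    if path.name.lower() in RISKY_NAMES:
        return "autorun file"
    ext = path.suffix.lower()
    if ext in RISKY_EXTENSIONS:
        return f"executable extension {ext}"
    if is_pe_by_content(path):
        return "MZ header behind a non-executable extension"
    return None


def find_risky_files(root) -> List[Tuple[str, str]]:
    """Walk root and return sorted (relative path, reason) pairs to exclude."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            reason = classify(path)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)


def build_sample_tree(base) -> Path:
    """Create a constructed sample of a personal-data folder (not real files)."""
    base = Path(base)
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60          # minimal PE-looking header
    for sub in ("Musik", "Bilder", "Dokumente", "Spiele"):
        (base / sub).mkdir(parents=True, exist_ok=True)
    (base / "Musik" / "song.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 60)
    (base / "Bilder" / "urlaub.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 60)
    (base / "Bilder" / "foto.jpg").write_bytes(pe_stub)        # program renamed to .jpg
    (base / "Dokumente" / "Brief.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 60)
    (base / "Dokumente" / "Brief.lnk").write_bytes(b"L\x00\x00\x00" + b"\x00" * 60)
    (base / "Spiele" / "TDU5k.exe").write_bytes(pe_stub)
    (base / "Spiele" / "Readme.txt").write_text("nothing executable here\n")
    (base / "autorun.inf").write_text("[autorun]\nopen=Spiele\\TDU5k.exe\n")
    return base


def demo() -> Dict[str, str]:
    """Scan the constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return dict(find_risky_files(build_sample_tree(tmp)))


if __name__ == "__main__":
    for rel, why in demo().items():
        print(f"EXCLUDE {rel}: {why}")
```

Run it against the real data drive with `find_risky_files(r"B:\Eigene Dokumente")` instead of `demo()`; the point of the content check is the renamed program in the pictures folder, which an extension filter alone would copy into the backup.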
20.07.2013, 20:13 | #5 |
/// the machine /// TB-Ausbilder | Infected with the GVU Trojan (Win7)
If you format, everything is clean; you can back up your data, nothing will happen there. I would change passwords. But we can clean it up.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
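The reply above asks for an FRST scan. FRST prints autostart entries one per line and appends "<===== ATTENTION" to the ones it considers suspicious. A lock-screen ("GVU") infection of a single user account typically leaves three such entries under that user's hive: a Run value pointing into the user's Temp folder, the Winlogon "Shell" value replaced by cmd.exe, and a Command Processor AutoRun value that launches the payload whenever cmd.exe starts; the FRST log posted further down in this thread shows exactly this combination for the second account, with the payload file already marked as missing ([x]). Deleting the payload does not remove the registry values, so the logon still lands in a console instead of the desktop. The script below is an added example, not part of FRST and not code posted in the thread; it parses lines in FRST's format and flags those patterns. The sample lines are constructed to resemble such a log, and the user name and paths in them are assumptions.

```python
"""Triage FRST autostart lines for the per-user takeover pattern that
lock-screen ("GVU") ransomware leaves behind.

Added example for this thread; it is not part of FRST and not code posted
by anyone in the thread. It assumes the line layout FRST uses for Run keys,
Winlogon values, the Command Processor AutoRun value and AppInit_DLLs; the
sample lines below are constructed to resemble such a log.
"""
import re
from typing import List, Tuple

# Path fragment that marks a payload dropped into a user's temp folder.
TEMP_PATH = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.I)

# FRST line shapes: hive\...\Key: [name] - target [size date] (vendor)
RUN_ENTRY = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<target>.*)$")
WINLOGON_SHELL = re.compile(r"\\\.\.\.\\Winlogon: \[Shell\] (?P<target>\S+)")
CMD_AUTORUN = re.compile(r"\\\.\.\.\\Command Processor: (?P<target>.+)$")
APPINIT = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<target>\S+)")

# Constructed sample modelled on FRST output; not a real log.
SAMPLE_FRST_LINES = [
    r'HKLM\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)',
    r"HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)",
    r"HKU\Otheruser\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\OTHERU~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION",
    r"HKU\Otheruser\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION",
    r'HKU\Otheruser\...\Command Processor: "C:\Users\OTHERU~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!',
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()",
]


def missing_note(target: str) -> str:
    """FRST appends [x] when the referenced file no longer exists on disk;
    the registry value still fires, so note it rather than ignore it."""
    return " (FRST marks the file as missing: [x])" if "[x]" in target else ""


def triage(lines) -> List[Tuple[str, str]]:
    """Return (reason, line) for each autostart line matching a takeover pattern."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = WINLOGON_SHELL.search(line)
        if m:
            shell = m.group("target").rsplit("\\", 1)[-1].lower()
            if shell != "explorer.exe":   # explorer.exe is the only normal shell
                findings.append((f"Winlogon Shell replaced by {shell}; the desktop never starts for that user", line))
            continue
        m = CMD_AUTORUN.search(line)
        if m:
            findings.append(("Command Processor AutoRun set; runs every time cmd.exe starts" + missing_note(m.group("target")), line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            if TEMP_PATH.search(m.group("target")):
                findings.append(("Run entry launches from a Temp folder" + missing_note(m.group("target")), line))
            continue
        m = APPINIT.match(line)
        if m:
            findings.append(("AppInit_DLLs set; the DLL is loaded into every process that uses user32.dll, verify it", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_FRST_LINES):
        print(f"[!] {reason}\n    {line}")
```

To use it on a real report, pass `open("FRST.txt", encoding="utf-8-sig")` to `triage()` instead of the sample list. Benign Run entries and a Shell of explorer.exe produce no output; a Run entry with a missing target is still reported, because the value will be retried at every logon until it is removed.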
21.07.2013, 00:00 | #6 |
| Infected with the GVU Trojan (Win7)
Do passwords also have to be changed if I have never used them since the trojan first appeared visually? They are stored only in my head. And my own files are and were therefore unaffected by the malware at all times? I would additionally be interested to know whether I can somehow check (or whether you are already doing so) whether any other malware, independent of the GVU trojan, is still present on my system. Here are the four log files.

AdwCleaner

Code:
# AdwCleaner v2.306 - Logfile created 21/07/2013 at 00:36:13
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : K - CARPEDIEM
# Boot Mode : Normal
# Running from : C:\Users\K\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\extensions\webbooster@iminent.com.xpi
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\webbooster@iminent.com.xpi
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\searchplugins\delta.xml
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\bProtector_extensions.rdf
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\bprotector_extensions.sqlite
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\searchplugins\Babylon.xml
File Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\searchplugins\delta.xml
File Deleted : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\extensions\webbooster@iminent.com.xpi
File Deleted : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\LyricsContainer
Folder Deleted : C:\Program Files (x86)\LyricsPal
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\extensions\staged
Folder Deleted : C:\Users\K\AppData\Local\Babylon
Folder Deleted : C:\Users\K\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\K\AppData\Roaming\Babylon
Folder Deleted : C:\Users\K\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\K\AppData\Roaming\Iminent
Folder Deleted : C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\4xh1b7px.default\extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zlh6tra1.default\extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\K\AppData\Roaming\WebCake
Folder Deleted : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\CT3201318
Folder Deleted : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Folder Deleted : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

File : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\4xh1b7px.default\prefs.js

[OK] File is clean.

File : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\prefs.js

C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ij9ke9cb.Test\user.js ... Deleted !
[OK] File is clean.

File : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\prefs.js

C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\ntwhzn6q.Standard-Benutzer\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

File : C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zlh6tra1.default\prefs.js

[OK] File is clean.

File : C:\Users\Schnitzel?\AppData\Roaming\Mozilla\Firefox\Profiles\dqrn137x.default\prefs.js

Deleted : user_pref("CT3201318.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3201318.1000234.TWC_TMP_city", "DUSSELDORF");
Deleted : user_pref("CT3201318.1000234.TWC_TMP_country", "DE");
Deleted : user_pref("CT3201318.1000515.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebut[...]
Deleted : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3201318.Facebook_Mode", "2");
Deleted : user_pref("CT3201318.Facebook_User_Locale", "de");
Deleted : user_pref("CT3201318.FirstTime", "true");
Deleted : user_pref("CT3201318.FirstTimeFF3", "true");
Deleted : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT320[...]
Deleted : user_pref("CT3201318.UserID", "UN86501314189890481");
Deleted : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129768733323172459\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3201318.enableAlerts", "always");
Deleted : user_pref("CT3201318.event_data", "%5B%5D");
Deleted : user_pref("CT3201318.fired_events", "");
Deleted : user_pref("CT3201318.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3201318.fixUrls", true);
Deleted : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.isNewTabEnabled", true);
Deleted : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.key_date", "15");
Deleted : user_pref("CT3201318.keyword", true);
Deleted : user_pref("CT3201318.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.de%2F[...]
Deleted : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Deleted : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Deleted : user_pref("CT3201318.search.searchCount", "1");
Deleted : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344515931179");
Deleted : user_pref("CT3201318.serviceLayer_services_appTracking_lastUpdate", "1344515820161");
Deleted : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1344867869221");
Deleted : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344860977021");
Deleted : user_pref("CT3201318.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344860857046");
Deleted : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13447[...]
Deleted : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13447[...]
Deleted : user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1344867870003");
Deleted : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344860977047");
Deleted : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1344860857030");
Deleted : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1344860856736");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344860976976");
Deleted : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1344867869237");
Deleted : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1344860856868");
Deleted : user_pref("CT3201318.settingsINI", true);
Deleted : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Deleted : user_pref("CT3201318.smartbar.Uninstall", "0");
Deleted : user_pref("CT3201318.smartbar.homepage", true);
Deleted : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Deleted : user_pref("CT3201318.toolbarBornServerTime", "10-7-2012");
Deleted : user_pref("CT3201318.toolbarCurrentServerTime", "13-8-2012");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "FLV Runner Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.search.yah[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3201318");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13");
Deleted : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Deleted : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q=[...]

File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6esg80sw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12488 octets] - [21/07/2013 00:36:13]

########## EOF - C:\AdwCleaner[S1].txt - [12549 octets] ##########

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.7 (07.20.2013:1)
OS: Windows 7 Home Premium x64
Ran by K on 21.07.2013 at 0:43:39,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\K\appdata\local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2013 at 0:48:56,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by K (administrator) on 21-07-2013 00:51:29
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe
(LOL Replay) Z:\LOLReplay\LOLRecorder.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) R:\Mozilla\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x]
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE
MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe
MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe
MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\
FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] ()
S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\ENG64.SYS [126040 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130719.020\EX64.SYS [2098776 2013-07-10] (Symantec Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST
2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe
2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt
2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt
2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT
2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N.
Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 
1404.lnk 2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield 2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk 2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-23 18:56 - 2013-06-23 18:56 - 
00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== One Month Modified Files and Folders ======= 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:50 - 2012-06-20 19:08 - 19115385 _____ C:\Windows\setupact.log 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-21 00:45 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-21 00:45 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:43 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype 2013-07-21 00:43 - 2009-07-14 19:58 - 08935834 _____ C:\Windows\system32\perfh007.dat 2013-07-21 00:43 - 2009-07-14 19:58 - 02717866 _____ C:\Windows\system32\perfc007.dat 2013-07-21 00:43 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. 
Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:38 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi 2013-07-21 00:37 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-21 00:37 - 2012-01-26 20:05 - 01903477 _____ C:\Windows\WindowsUpdate.log 2013-07-21 00:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log 2013-07-20 12:01 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe 2013-07-20 00:07 - 2012-01-26 20:13 - 01526972 _____ C:\Windows\PFRO.log 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files 
2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe 2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi 2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps 2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client 2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk 2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield 2013-07-10 14:19 - 
2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast 2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥ 2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai 2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton 2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges 2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony 
Mobile 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk ZeroAccess: C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L ZeroAccess: C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@ C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 03:56 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013 Ran by K at 2013-07-21 00:51:53 Running from C:\Users\K\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Acronis*True*Image*Home 2011 (x32 Version: 14.0.6942) Adobe AIR (x32 Version: 3.7.0.1530) Adobe Download Assistant (x32 Version: 1.2.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Akamai NetSession Interface (HKCU) Akamai NetSession Interface Service (x32) AMD Catalyst Install Manager (Version: 8.0.873.0) AMP WinOFF 5.0.1 (x32 Version: 5.0.1) ANNO 1404 - Königsedition (x32 Version: 3.10.0000) ANNO 1602 (x32) Bamboo (Version: 5.3.0-3) Bamboo Dock (x32 Version: 4.1) Bamboo Dock (x32 Version: 4.1.0) Bandisoft MPEG-1 Decoder (x32) Battlefield 3™ (x32 Version: 1.5.0.0) Battlelog Web Plugins (x32 Version: 2.1.7) Borderlands 2 (x32) Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) DAEMON Tools Lite (x32 Version: 4.45.4.0315) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Disneys Donald Duck (x32) Dota 2 (x32) ESN Sonar (x32 Version: 0.70.4) EVGA Precision X 3.0.4 (x32 Version: 3.0.4) Firefall (x32) Flashtool (x32 Version: 0.9.10.1) Fraps (x32) Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320) Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430) Geeks3D.com FurMark 1.9.2 (x32) GUILD WARS (x32) ID CPU-Z 1.59 Java 7 Update 15 (64-bit) (Version: 7.0.150) Java 7 Update 17 (x32 Version: 7.0.170) Java Auto Updater (x32 Version: 2.1.9.0) JavaFX 2.1.0 (x32 Version: 2.1.0) League of Legends (x32 Version: 3.0.1) 
Logitech Gaming Software (Version: 8.45.88) Logitech Gaming Software 8.46 (Version: 8.46.27) LogMeIn Hamachi (x32 Version: 2.1.0.215) LOLReplay (x32 Version: 0.8.1.4) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mass Effect (x32 Version: 1.00) Mass Effect 2 (x32 Version: 1.02) Mass Effect™ 3 (x32 Version: 1.05.0.0) Media Add-ons für Acronis True Image Home 2011 (x32 Version: 14.0.6942) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 
MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) 
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 15.0 (x86 de) (x32 Version: 15.0) Mozilla Firefox 22.0 (x86 de) (HKCU Version: 22.0) Mozilla Maintenance Service (x32 Version: 15.0) Need for Speed™ Carbon (x32) Norton Internet Security (x32 Version: 20.4.0.40) Notepad++ (x32 Version: 5.9.8) NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22) NVIDIA Grafiktreiber 314.22 (Version: 314.22) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1) NVIDIA Install Application (Version: 2.1002.115.743) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422) NVIDIA Systemsteuerung 314.22 (Version: 314.22) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenAL (x32) Orcs Must Die! 2 (x32) Origin (x32 Version: 8.5.0.4554) Pando Media Booster (x32 Version: 2.6.0.7) PDF Settings CS6 (x32 Version: 11.0) Picasa 3 (x32 Version: 3.9) Platform (x32 Version: 1.34) PlayStation(R)Network Downloader (x32 Version: 2.07.00849) PlayStation(R)Store (x32 Version: 4.12.6.14870) Plus Pack für Acronis True Image Home 2011 (x32 Version: 14.0.6942) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PunkBuster Services (x32 Version: 0.993) RollerCoaster Tycoon 3 (x32) SixaxisPairTool 0.2.3 (x32 Version: 0.2.3) Skype™ 6.5 (x32 Version: 6.5.158) Sony Ericsson Update Engine (x32 Version: 2.13.7.201306141231) Sony Mobile Update Service (x32 Version: 2.13.6.201305161305) Sony PC Companion 2.10.165 (x32 Version: 2.10.165) SpeedFan (remove only) (x32) StarCraft II (x32 Version: 2.0.7.25293) Steam (x32 Version: 1.0.0.0) SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. 
(x32 Version: +Recorder.2013.55) TeamSpeak 3 Client (HKCU Version: 3.0.10.1) Torchlight II Demo (x32) TP-LINK 150Mbps Mini Wireless N USB Adapter Driver (x32 Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition VIA Plattform-Geräte-Manager (x32 Version: 1.34) VLC media player 2.0.6 
(Version: 2.0.6) WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2) WebTablet FB Plugin 64 bit (Version: 2.1.0.2) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) WinRAR 4.11 (64-Bit) (Version: 4.11.0) Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777) ==================== Restore Points ========================= 19-07-2013 20:34:52 Sony PC Companion ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0670E661-C097-4388-816D-46C992F7BA90} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2664304544-449774840-1103248043-1005 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {094D7195-7DE3-496E-9C98-B1C4B6A83013} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe No File Task: {1B15D443-3D4D-4E06-B6ED-EF868E8E19ED} - System32\Tasks\Game_Booster_Startup => R:\Game Booster 3\gbtray.exe No File Task: {1D007D67-8D5A-4483-933F-2A9F5BEC2074} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {2BEDCDB7-8F9F-4BDE-ABD3-D2C23EE840CF} - System32\Tasks\AdobeAAMUpdater-1.0-CARPEDIEM-Schnitzel♥ => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated) Task: {3DD1835D-861A-4E66-BB15-D0A6D20FA4CA} - System32\Tasks\{C6D9C50A-16D6-4997-93C9-FE54C193C7B0} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation) Task: {3E531437-8CBD-441A-B1FB-7F89DC7B0DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {5818F365-AA6D-4048-AFFD-6D0704D3C5A1} - System32\Tasks\AdobeAAMUpdater-1.0-K-PC-K => C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated) Task: {6865DF86-42EF-442D-A893-C30025F750A1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {856F5262-AB09-413F-9DB3-6BD031C64CE3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {86A1FA6C-348D-402D-B6C4-11C9D8B37DEC} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2664304544-449774840-1103248043-1012 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {91B92699-9AF9-4436-96C8-93437F446B2A} - System32\Tasks\{7F3B150B-D69E-49CA-8399-91DD90358105} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation) Task: {AAB149BC-55B7-41CE-8813-1EC9C7B30C2A} - System32\Tasks\{0050A4A6-3E17-4269-A8D5-3862BA4F7594} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation) Task: {CCCD86D9-90BF-4A4E-A6A1-6F4D8A637DE7} - System32\Tasks\AdobeAAMUpdater-1.0-K-PC-Besucher => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated) Task: {CF7FDD0B-D994-4FE6-963A-BCD603D0A81B} - System32\Tasks\{188C9377-25F9-4DFB-9462-33774CB33A4D} => r:\mozilla\firefox.exe [2013-07-06] (Mozilla Corporation) Task: {D6C40FD2-BBDB-4F0A-9B51-53DEB8C60654} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {DBAB1E85-A40A-4359-B9F2-B48AB695D7F5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {E32919B8-DD05-471C-9F78-4EE16C6B43C8} - 
System32\Tasks\{8A426A9D-E7DC-4D32-BD15-5F11AAD45987} => r:\mozilla\firefox.exe [2013-07-06] (Mozilla Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (07/21/2013 00:50:43 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-02-02 19:27:54.927 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\K\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-02-02 19:27:54.872 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\K\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-02-02 19:27:54.691 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-02-02 19:27:54.635 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8191.3 MB Available physical RAM: 5861.5 MB Total Pagefile: 10237.49 MB Available Pagefile: 7730.47 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive b: () (Fixed) (Total:232.28 GB) (Free:73.84 GB) NTFS Drive c: () (Fixed) (Total:59.53 GB) (Free:3.69 GB) NTFS (Disk=1 Partition=2) Drive g: (ANNO1602) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS Drive r: () (Fixed) (Total:135.72 GB) (Free:1.35 GB) NTFS Drive z: (Volume) (Fixed) (Total:97.75 GB) (Free:8.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4F802181) Partition 1: (Not Active) - (Size=101 MB) - (Type=42) Partition 2: (Active) - (Size=136 GB) - (Type=42) Partition 3: (Not Active) - (Size=330 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 05687B5A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
21.07.2013, 14:51 | #7 |
/// the machine /// TB-Ausbilder | Infected by GVU trojan (Win7)
Your data such as documents, music and videos are safe, since this is not an infection with a file infector. One more online scan, then we remove the leftovers and should be done: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still any problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
21.07.2013, 20:14 | #8 |
| Infected by GVU trojan (Win7) ESET log file
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3cfe97b91c190444b1377de9cb4fc612
# engine=14479
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-21 07:06:01
# local_time=2013-07-21 09:06:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 888031 137030146 0 0
# compatibility_mode=5893 16776574 100 94 0 126063411 0 0
# scanned=332444
# found=4
# cleaned=0
# scan_time=13124
sh=56CF3F22BFBD6F2AFE33780DDB4673BB0CB14A82 ft=0 fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\fallout3d.7z"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\fallout3d.iso"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="B:\Eigene Dokumente\PSP+PC Sachen\PC\Spiele\Fallout 3\FalloutLauncher.exe"
sh=A484889565807F2EC957AC0C9D8DFA6639E34B7F ft=1 fh=63b662d5288806d9 vn="multiple threats" ac=I fn="C:\Windows\Temp\Optimizer_Pro.exe"
Code:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.1.0
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 15.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST log file:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013 Ran by K (administrator) on 21-07-2013 21:11:53 Running from C:\Users\K\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) 
R:\Skype\Phone\Skype.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (LOL Replay) Z:\LOLReplay\LOLRecorder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Almico Software (www.almico.com)) R:\SpeedFan\speedfan.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Mozilla Corporation) R:\Mozilla\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis) HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x] HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) 
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony) MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION! AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet 
Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft 
Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] () S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation) R1 
IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; 
C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x] S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x] S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. 
Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 
1404.lnk 2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield 2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk 2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-23 18:56 - 2013-06-23 18:56 - 
00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== One Month Modified Files and Folders ======= 2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 21:07 - 2012-06-20 19:08 - 19116169 _____ C:\Windows\setupact.log 2013-07-21 20:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-21 20:41 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-21 20:41 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-21 20:37 - 2012-01-26 20:05 - 01928814 _____ C:\Windows\WindowsUpdate.log 2013-07-21 17:31 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe 2013-07-21 17:25 - 2009-07-14 19:58 - 08950544 _____ C:\Windows\system32\perfh007.dat 2013-07-21 17:25 - 2009-07-14 19:58 - 02722552 _____ C:\Windows\system32\perfc007.dat 2013-07-21 17:25 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 17:21 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-21 17:21 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi 2013-07-21 17:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-21 12:24 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 
_____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log 2013-07-20 00:07 - 2012-01-26 20:13 - 01526972 _____ C:\Windows\PFRO.log 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe 2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi 2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps 2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client 2013-07-13 03:26 - 
2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk 2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield 2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast 2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥ 2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai 2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton 2013-07-10 14:19 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\registration 2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges 2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk ZeroAccess: C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L ZeroAccess: C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@ C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 03:56 ==================== End Of Log ============================
What does this virut.NBP in My Documents mean? (I remember copying that folder from a friend's external hard drive months ago.) I've just read this: hxxp://www.eset.com/us/threat-center/encyclopedia/threats/win32virutnbp/ Doesn't sound good at all? Can we clean my PC of every kind of malware right away? Last edited by HalloX1990 (21.07.2013 at 20:37) |
21.07.2013, 21:27 | #9 |
/// the machine /// TB-Ausbilder | Infected by GVU trojan (Win7) Update Java, Adobe and Firefox. Delete Fallout. Quote:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ZeroAccess:
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
ZeroAccess:
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U
Please save it as Fixlist.txt on your Desktop (or in the directory where FRST is located).
and a fresh FRST log please. Any more problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
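To show how the entries the helper acted on are picked out of a log like the one above, here is an added triage script in Python; it is not FRST's code and not part of the thread's instructions. It flags the "<==== ATTENTION" markers, the Winlogon Shell set to cmd.exe with a Command Processor AutoRun pointing into Temp (consistent with the black cmd window the poster describes), autostarts from user-writable folders, and the paths listed under "ZeroAccess:". The FRST line shapes are taken from the log in this thread; the sample lines are constructed and the hive name "User" is a placeholder.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not FRST code and not part of the helper's
instructions.  It flags the entry types that the log above contains: lines
FRST marks "<==== ATTENTION", a Winlogon Shell value other than explorer.exe,
a Command Processor AutoRun value (cmd.exe runs it at every start), autostart
entries launching from Temp/AppData, and the folders listed under "ZeroAccess:".
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in FRST's line format.  The entry shapes, the GUID and
# the Temp executable name are taken from the log in this thread; the hive
# name "User" is a placeholder.  Two benign entries serve as controls.
SAMPLE_LOG = r"""
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKU\User\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\User\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\USER~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\User\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\User\...\Command Processor: "C:\Users\USER~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION
ZeroAccess:
C:\Users\User\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}
C:\Users\User\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@
C:\Users\User\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

ATTENTION_RE = re.compile(r"<={3,}\s*ATTENTION")
SHELL_RE = re.compile(r"Winlogon: \[Shell\]\s+(\S+)")
CMDPROC_RE = re.compile(r'Command Processor:\s*"?([^"<]+?)"?\s*(?:<|$)')
RUN_RE = re.compile(r"\\Run: \[([^\]]*)\] - (.*?)(?: \[[^\]]*\]| <=|$)")
# A bare path line (no "=>" verdict, no "<==" marker), as listed under "ZeroAccess:".
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\[^=<]*$")
# Locations a standard user can write to; autostarts from here deserve review
# (legitimate software occasionally lives there too, so this is a heuristic).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temp\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    kind: str  # rule that fired
    line: str  # log line (or listed path) that triggered it
    why: str   # one-line explanation for the reviewer


def triage(text: str) -> list:
    """Return the findings for a block of FRST log text."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("ZeroAccess:"):
            # The marker may carry a path on the same line; the remaining
            # paths follow on their own lines until a non-path line.
            paths = []
            rest = ln[len("ZeroAccess:"):].strip()
            if rest:
                paths.append(rest)
            i += 1
            while i < len(lines) and BARE_PATH_RE.match(lines[i]):
                paths.append(lines[i])
                i += 1
            for p in paths:
                findings.append(Finding("zeroaccess", p,
                                        "folder FRST attributes to the ZeroAccess rootkit"))
            continue
        if ATTENTION_RE.search(ln):
            findings.append(Finding("attention", ln, "FRST itself flagged this entry"))
        m = SHELL_RE.search(ln)
        if m and m.group(1).rsplit("\\", 1)[-1].lower() != "explorer.exe":
            findings.append(Finding("shell_hijack", ln,
                                    f"Winlogon Shell is {m.group(1)}, expected explorer.exe"))
        m = CMDPROC_RE.search(ln)
        if m:
            findings.append(Finding("cmd_autorun", ln,
                                    f"cmd.exe AutoRun starts {m.group(1).strip()} on every launch"))
        m = RUN_RE.search(ln)
        if m:
            target = m.group(2).strip().strip('"').lower()
            if any(s in target for s in USER_WRITABLE):
                findings.append(Finding("run_from_userdir", ln,
                                        "autostart from a user-writable Temp/AppData path"))
        i += 1
    return findings


def summarize(findings) -> dict:
    """Count findings per rule, e.g. {"attention": 3, "zeroaccess": 3, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.why}\n    {f.line}")
```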
21.07.2013, 21:52 | #10 |
| Infected by GVU trojan (Win7) So, before carrying out the following steps I still can't get into the infected user account; it still shows "...exe could not be executed" (.. again some random combination) on a black background with white text. Now the two *.txt files after the steps were carried out: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by K at 2013-07-21 22:48:26 Run:1
Running from C:\Users\K\Desktop
Boot Mode: Normal
==============================================
C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} => Moved successfully.
"C:\Windows\Installer\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L" => File/Directory not found.
C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93} => Moved successfully.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\@" => File/Directory not found.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\L" => File/Directory not found.
"C:\Users\K\AppData\Local\{a2ed12e9-0e29-1a2a-3360-d5cdd2150f93}\U" => File/Directory not found.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013 Ran by K (administrator) on 21-07-2013 22:48:58 Running from C:\Users\K\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Akamai Technologies, Inc.) 
C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Skype Technologies S.A.) R:\Skype\Phone\Skype.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe (LOL Replay) Z:\LOLReplay\LOLRecorder.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Mozilla Corporation) R:\Mozilla\firefox.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Almico Software (www.almico.com)) R:\SpeedFan\speedfan.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis) HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x] HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony) MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION! AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet 
Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 - Z:\Java\bin\plugin2\npjp2.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft 
Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] () S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation) R1 
IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; 
C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x] S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x] S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. 
Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 
1404.lnk 2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield 2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk 2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-23 18:56 - 2013-06-23 18:56 - 
00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== One Month Modified Files and Folders ======= 2013-07-21 22:45 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype 2013-07-21 22:45 - 2012-06-20 19:08 - 19116449 _____ C:\Windows\setupact.log 2013-07-21 22:45 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-21 21:25 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-21 21:25 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-21 21:22 - 2009-07-14 19:58 - 08965254 _____ C:\Windows\system32\perfh007.dat 2013-07-21 21:22 - 2009-07-14 19:58 - 02727238 _____ C:\Windows\system32\perfc007.dat 2013-07-21 21:22 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-21 21:18 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-21 21:18 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi 2013-07-21 21:18 - 2012-01-26 20:13 - 01527806 _____ C:\Windows\PFRO.log 2013-07-21 21:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 20:37 - 2012-01-26 20:05 - 01935021 _____ C:\Windows\WindowsUpdate.log 2013-07-21 17:31 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe 2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 
____D C:\Windows\ERUNT 2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe 2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi 2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps 2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client 2013-07-13 03:26 - 
2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk 2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield 2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast 2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥ 2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai 2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton 2013-07-10 14:19 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\registration 2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges 2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 03:56 ==================== End Of Log ============================

I have now checked again: cmd.exe opens when I log into the user account. Contents:

"... Der Befehl ""C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe"" ist entweder falsch geschrieben oder konnte nicht gefunden werden. C:\Windows\system32> "

This *.exe is the file that, as described, I simply deleted at the very beginning.

Edit: Sorry, I forgot to update Java, Adobe and Firefox; I am doing that right now.
Here is the FRST log again, after updating Java, Adobe and Firefox. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013 Ran by K (administrator) on 21-07-2013 23:07:38 Running from C:\Users\K\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Akamai Technologies, Inc.) 
C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\K\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) R:\Skype\Phone\Skype.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (LOL Replay) Z:\LOLReplay\LOLRecorder.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Acronis) R:\Acronis\TrueImageHome\TrueImageMonitor.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (LogMeIn Inc.) Z:\Hamachi\hamachi-2-ui.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] - R:\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis) HKLM\...\Run: [VIAAUD] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe [x] HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\K\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Skype] - R:\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony) HKCU\...\Runonce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [x] MountPoints2: {09595dbc-48d3-11e1-ab79-002522d5e445} - E:\SETUP.EXE MountPoints2: {0cf3f0ef-484e-11e1-a8fb-806e6f6e6963} - G:\autorun.exe MountPoints2: {14d72354-c938-11e2-b8d1-002522fa314a} - E:\pushinst.exe MountPoints2: {c2be7f0f-5fd8-11e2-83a9-002522fa314a} - E:\Startme.exe HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] - "R:\Acronis\TrueImageHome\TrueImageMonitor.exe" [5587832 2011-09-22] (Acronis) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-04] (VIA) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "Z:\Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-12] (LogMeIn Inc.) 
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Schnitzel♥\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION! AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ShortcutTarget: LOLRecorder.lnk -> Z:\LOLReplay\LOLRecorder.exe (LOL Replay) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Z:\Java\bin\ssv.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Z:\Java\bin\jp2ssv.dll 
No File BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Path=Profiles\ij9ke9cb.Test FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 - 
Z:\Java\bin\plugin2\npjp2.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - R:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - Z:\VLC\npvlc.dll (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - R:\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Extension: No Name - C:\Users\K\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ FF StartMenuInternet: FIREFOX.EXE - R:\Mozilla\firefox.exe ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 Hamachi2Svc; Z:\Hamachi\hamachi-2.exe [2452912 2012-11-12] (LogMeIn Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; R:\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-11] () S2 SkypeUpdate; R:\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-02-22] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-11] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation) R1 
IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2012-10-23] (Symantec Corporation) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-06-25] (hxxp://libusb-win32.sourceforge.net) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-02-22] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\ENG64.SYS [126040 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130720.007\EX64.SYS [2098776 2013-07-10] (Symantec Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-06-24] (Sony Ericsson Mobile Communications) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; 
C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-05] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 ALSysIO; \??\C:\Users\K\AppData\Local\Temp\ALSysIO64.sys [x] S3 cpuz130; \??\C:\Users\K\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 SANDRA; \??\R:\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\Sandra.sys [x] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x] S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 21:10 - 2013-07-21 21:09 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 17:25 - 2013-07-21 17:22 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 
00:50 - 2013-07-21 00:36 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:42 - 2013-07-21 00:39 - 00559511 _____ (Oleg N. Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:35 - 2013-07-21 00:34 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 23:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-13 03:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 03:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 03:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 03:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2013-07-13 03:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 03:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 03:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 03:05 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 03:05 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 09:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-12 09:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-12 09:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-12 09:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-12 09:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-12 09:36 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-12 09:36 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 18:07 - 2013-04-11 16:12 - 00019392 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-11 14:41 - 2013-07-17 19:22 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program 
Files (x86)\Pando Networks 2013-07-11 14:34 - 2013-07-11 14:42 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:32 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk 2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:51 - 2013-07-10 00:55 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-10 00:47 - 2013-07-10 14:19 - 00000000 ____D C:\ProgramData\Solidshield 2013-06-26 01:44 - 2013-05-30 15:11 - 06040792 _____ B:\Eigene Dokumente\com.android.vending-4.1.10.apk 2013-06-25 15:36 - 2013-06-25 15:35 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:38 - 2013-06-27 09:43 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-25 12:38 - 2013-06-25 12:39 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:38 - 2013-06-25 12:39 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:36 - 2011-08-05 16:44 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 ____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D 
C:\ProgramData\Sony 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-24 23:47 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== One Month Modified Files and Folders ======= 2013-07-21 23:06 - 2012-04-03 10:32 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-21 23:06 - 2012-04-03 10:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-21 23:06 - 2012-04-03 10:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-21 23:06 - 2012-01-27 00:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-21 23:05 - 2012-02-09 21:17 - 00000000 ____D C:\Users\K\AppData\Local\Adobe 2013-07-21 23:04 - 2012-09-03 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-21 23:04 - 2012-01-27 00:28 - 00000602 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-07-21 23:02 - 2013-07-21 23:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 23:02 - 2013-07-21 23:02 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-21 23:02 - 2012-05-13 15:50 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-07-21 23:02 - 2012-05-13 15:50 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-21 23:01 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-21 22:59 - 2009-07-14 19:58 - 08979964 _____ C:\Windows\system32\perfh007.dat 2013-07-21 22:59 - 2009-07-14 19:58 - 02731924 _____ C:\Windows\system32\perfc007.dat 2013-07-21 22:59 - 2009-07-14 07:13 - 00006458 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-21 22:54 - 2012-08-01 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-21 22:54 - 2012-06-20 19:08 - 19116505 _____ C:\Windows\setupact.log 2013-07-21 22:54 - 2012-05-05 01:58 - 00000000 ____D C:\Users\K\AppData\Local\LogMeIn Hamachi 2013-07-21 22:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-21 22:53 - 2012-01-26 20:05 - 01942364 _____ C:\Windows\WindowsUpdate.log 2013-07-21 22:45 - 2012-08-23 17:34 - 00000000 ____D C:\Users\K\AppData\Roaming\Skype 2013-07-21 21:18 - 2012-01-26 20:13 - 01527806 _____ C:\Windows\PFRO.log 2013-07-21 21:09 - 2013-07-21 21:10 - 00891062 _____ C:\Users\K\Desktop\SecurityCheck.exe 2013-07-21 17:22 - 2013-07-21 17:25 - 02347384 _____ (ESET) C:\Users\K\Desktop\esetsmartinstaller_enu.exe 2013-07-21 00:51 - 2013-07-21 00:51 - 00017924 _____ C:\Users\K\Desktop\Addition.txt 2013-07-21 00:51 - 2013-07-21 00:51 - 00000000 ____D C:\FRST 2013-07-21 00:50 - 2013-07-21 00:50 - 01779345 _____ (Farbar) C:\Users\K\Desktop\FRST64.exe 2013-07-21 00:48 - 2013-07-21 00:48 - 00001144 _____ C:\Users\K\Desktop\JRT.txt 2013-07-21 00:43 - 2013-07-21 00:43 - 00000000 ____D C:\Windows\ERUNT 2013-07-21 00:39 - 2013-07-21 00:42 - 00559511 _____ (Oleg N. 
Scherbakov) C:\Users\K\Desktop\JRT.exe 2013-07-21 00:36 - 2013-07-21 00:50 - 00012613 _____ C:\Users\K\Desktop\AdwCleaner[S1].txt 2013-07-21 00:36 - 2013-07-21 00:36 - 00012613 _____ C:\AdwCleaner[S1].txt 2013-07-21 00:34 - 2013-07-21 00:35 - 00666633 _____ C:\Users\K\Desktop\adwcleaner.exe 2013-07-20 18:41 - 2013-05-28 13:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2013-07-20 18:41 - 2013-05-28 13:02 - 00001552 _____ C:\Windows\LkmdfCoInst.log 2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable 2013-07-19 23:18 - 2012-01-26 20:05 - 00000000 ____D C:\Users\K 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Users\K\AppData\Roaming\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-19 23:03 - 2013-07-19 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-19 22:35 - 2013-01-16 17:18 - 00451590 _____ C:\Windows\DPINST.LOG 2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433 2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433 2013-07-17 22:51 - 2012-05-14 13:07 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\Skype 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\Users\K\AppData\Local\PMB Files 2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-17 17:29 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\Adobe 2013-07-17 17:21 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Local\LogMeIn Hamachi 2013-07-14 20:22 - 2012-04-04 15:16 - 00000000 ____D C:\Users\K\AppData\Local\CrashDumps 2013-07-13 23:12 - 2012-03-20 21:42 - 00000000 ____D C:\Users\K\AppData\Roaming\TS3Client 2013-07-13 03:26 - 2013-03-01 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 03:26 - 
2013-03-01 16:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 03:26 - 2009-07-14 06:45 - 05035272 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 03:25 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 03:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-13 03:05 - 2012-02-10 15:42 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 22:43 - 2013-07-11 22:43 - 00276148 _____ B:\Eigene Dokumente\ts3_clientui-win64-1365064384-2013-07-11 22_43_24.024414.dmp 2013-07-11 20:18 - 2013-07-11 20:18 - 00000000 ____D C:\Users\Schnitzel♥\AppData\Roaming\dll-files.com 2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\League of Legends.lnk 2013-07-11 14:41 - 2013-07-11 14:41 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-07-11 14:41 - 2013-07-11 14:32 - 00000000 ____D C:\Users\K\AppData\Roaming\Riot Games 2013-07-11 14:38 - 2012-01-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-10 22:04 - 2012-01-30 19:01 - 00445492 _____ C:\Windows\DirectX.log 2013-07-10 21:41 - 2013-07-10 21:41 - 00000975 _____ C:\Users\K\Desktop\Anno 1404.lnk 2013-07-10 14:19 - 2013-07-10 00:47 - 00000000 ____D C:\ProgramData\Solidshield 2013-07-10 14:19 - 2013-05-30 20:31 - 00000000 ____D C:\Program Files (x86)\Cisco 2013-07-10 14:19 - 2012-05-13 13:23 - 00000000 ____D C:\Users\Gast 2013-07-10 14:19 - 2012-05-13 13:14 - 00000000 ____D C:\Users\Schnitzel♥ 2013-07-10 14:19 - 2012-02-24 03:22 - 00000000 ____D C:\Users\K\AppData\Local\Akamai 2013-07-10 14:19 - 2012-01-26 20:18 - 00000000 ____D C:\ProgramData\Norton 2013-07-10 14:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-10 14:13 - 2013-07-10 13:57 - 00000000 
____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl 2013-07-10 01:13 - 2013-07-10 01:13 - 00000000 ____D B:\Eigene Dokumente\ANNO 1404 Venedig 2013-07-10 00:55 - 2013-07-10 00:51 - 00000000 ____D C:\Users\K\AppData\Roaming\Ubisoft 2013-07-06 12:27 - 2012-02-07 01:28 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-06 00:46 - 2012-01-30 20:52 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-06 00:46 - 2012-01-30 19:02 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-06 00:45 - 2012-01-30 19:02 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-06 00:01 - 2012-10-17 20:44 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-07-04 12:24 - 2012-01-31 19:35 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 09:43 - 2013-06-25 12:38 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-06-26 22:50 - 2012-12-22 18:36 - 00000000 ____D B:\Eigene Dokumente\Sonstiges 2013-06-25 15:35 - 2013-06-25 15:36 - 08056281 _____ C:\Users\K\Desktop\RecoverX.zip 2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2013-06-25 12:39 - 2013-06-25 12:38 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys 2013-06-25 12:38 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-06-24 23:47 - 2013-06-23 18:56 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile 2013-06-24 23:37 - 2013-06-24 23:37 - 00000000 ____D C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-06-24 22:47 - 2013-06-24 22:47 - 00034032 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\seehcri.sys 2013-06-24 19:36 - 2013-06-24 19:36 - 00000000 ____D C:\Users\K\.swt 2013-06-24 15:14 - 2013-06-24 15:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-06-24 15:10 - 2013-06-24 15:10 - 00000000 
____D C:\Users\K\.android 2013-06-24 14:21 - 2013-06-24 14:21 - 00002098 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-24 14:21 - 2013-06-24 14:21 - 00000000 ____D C:\ProgramData\Sony 2013-06-24 14:21 - 2013-01-16 17:18 - 00000000 ____D C:\Program Files (x86)\Sony 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\ProgramData\Sony Ericsson 2013-06-24 11:10 - 2013-01-22 00:47 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-06-24 10:59 - 2013-06-24 10:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2013-06-23 18:56 - 2013-06-23 18:56 - 00000681 _____ C:\Users\K\Desktop\Update Service.lnk ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 03:56 ==================== End Of Log ============================ --- --- --- Geändert von HalloX1990 (21.07.2013 um 22:09 Uhr) |
22.07.2013, 08:29 | #11 |
/// the machine /// TB-Ausbilder | Infected with GVU Trojan (Win7) Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
S3 X6va005; \??\C:\Users\K\AppData\Local\Temp\0055E90.tmp [x]
2013-07-17 22:55 - 2013-07-17 22:55 - 00163062 _____ C:\ProgramData\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00163052 _____ C:\Users\Schnitzel♥\AppData\Roaming\2433f433
2013-07-17 22:55 - 2013-07-17 22:55 - 00162988 _____ C:\Users\Schnitzel♥\AppData\Local\2433f433
2013-07-10 13:57 - 2013-07-10 14:13 - 00000000 ____D C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Does it work now? Fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
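The fixlist above targets four classic user-level persistence points: a Run value launching a binary out of a Temp directory, a Winlogon Shell replaced by cmd.exe, a Command Processor AutoRun pointing at the same binary, and a populated AppInit_DLLs value. As an added example (not part of this thread and not FRST's own code), the following Python script parses FRST-style registry lines and flags exactly those mechanisms, so a helper can see at a glance why each line was put into the fix. The sample input consists of the lines quoted in the fixlist above plus two constructed benign lines (a Logitech Run entry taken from the log further down and a normal explorer.exe shell value) as negative cases.

```python
"""Triage helper for FRST-style registry lines (added example, not FRST's own code).

It flags the persistence mechanisms removed by the fix in this thread:
  * Run values whose target lives in a Temp directory, is missing ([x]) or has
    a random-looking name,
  * a Winlogon Shell that is anything other than explorer.exe,
  * any Command Processor AutoRun (runs on every cmd.exe start),
  * any non-empty AppInit_DLLs value (DLL loaded into every user32 process).
"""
import re

# Constructed sample: the four lines from the fixlist plus two benign lines.
SAMPLE_LOG = r'''
HKU\Schnitzel♥\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe [x] <===== ATTENTION
HKU\Schnitzel♥\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Schnitzel♥\...\Command Processor: "C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [97280 2009-07-14] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Winlogon: [Shell] explorer.exe (Microsoft Corporation)
'''

ATTENTION_RE = re.compile(r'\s*<=+\s*ATTENTION!?\s*$')          # FRST's own marker
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
RUN_RE = re.compile(r'^(HK\w+)\\[^:]*\\Run: \[([^\]]*)\] - (.*)$')
SHELL_RE = re.compile(r'^(HK\w+)\\[^:]*\\Winlogon: \[Shell\] (\S+)')
CMDPROC_RE = re.compile(r'^(HK\w+)\\[^:]*\\Command Processor: (.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs(?:-x32)?: (.*)$')


def triage_line(line):
    """Return (kind, reason) for a line carrying a persistence indicator, else None."""
    s = ATTENTION_RE.sub('', line.strip())  # judge the line on its content, not the marker
    m = RUN_RE.match(s)
    if m:
        name, target = m.group(2), m.group(3)
        reasons = []
        if TEMP_RE.search(target):
            reasons.append('autostart from a Temp directory')
        if ' [x]' in target:
            reasons.append('target file missing ([x])')
        if re.fullmatch(r'[a-z0-9]{16,}', name):
            reasons.append('random-looking value name')
        return ('Run', '; '.join(reasons)) if reasons else None
    m = SHELL_RE.match(s)
    if m:
        shell = m.group(2).lower()
        if shell != 'explorer.exe':
            return ('Winlogon Shell', 'shell is %s, not explorer.exe' % shell)
        return None
    m = CMDPROC_RE.match(s)
    if m:
        return ('Command Processor AutoRun', 'runs on every cmd.exe start: ' + m.group(2))
    m = APPINIT_RE.match(s)
    if m and m.group(1).strip():
        return ('AppInit_DLLs', 'DLL injected into every GUI process: ' + m.group(1).strip())
    return None


def triage(log_text):
    """Scan a whole FRST log; return a list of (raw_line, kind, reason)."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((line.strip(), hit[0], hit[1]))
    return findings


def fixlist_lines(findings):
    """The thread's fix pastes the flagged FRST lines verbatim into Fixlist.txt."""
    return [raw for raw, _, _ in findings]


if __name__ == '__main__':
    for raw, kind, reason in triage(SAMPLE_LOG):
        print('%-26s %s\n    %s' % (kind, reason, raw))
```

The script only reports; whether a flagged line goes into Fixlist.txt remains the helper's decision, and the benign Logitech and explorer.exe lines show that an unconditional "everything under Run" rule would produce noise.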
22.07.2013, 11:16 | #12 |
| Infected with GVU Trojan (Win7) It is possible again to log in to the infected user account. But does that really mean all malware and leftovers are removed, or should I take further steps? To be honest, despite everything I still have an uneasy feeling and would like to format the PC, once it is clean, and reinstall my system. Before that, though, I would like to back up some of my own documents to my external hard drive, but this time not as an image, just the contents of my four folders (i.e. music, documents, videos, pictures). How can I be completely sure that I am not carrying over any unwanted malware, and how can I then, once I have reinstalled Win7, check my external hard drive + my USB stick again to be absolutely safe? That may sound a bit paranoid, but I just want a clean system without problems deep inside the system. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2013
Ran by K at 2013-07-22 12:14:30 Run:2
Running from C:\Users\K\Desktop
Boot Mode: Normal
==============================================
HKU\Schnitzel♥\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Schnitzel♥\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Schnitzel♥\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
X6va005 => Service deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Schnitzel♥\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Schnitzel♥\AppData\Local\2433f433 => Moved successfully.
C:\Users\K\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl => Moved successfully.
"C:\Users\SCHNIT~1\AppData\Local\Temp\jbrnvgjlmqshblywb.exe" => File/Directory not found.
==== End of Fixlog ====
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by K (administrator) on 22-07-2013 12:15:35
Running from C:\Users\K\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
=> MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 03:56 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Geändert von HalloX1990 (22.07.2013 um 12:15 Uhr) |
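The FRST excerpt above has two parts a helper reads by hand: the dated "Modified - Created - Size Attrs Path" entries and the "Bamital & volsnap Check" block that compares core system binaries against known-good MD5 values. The following is an added example (not from the thread, not part of FRST or Trojaner-Board's own tooling) that parses both formats and applies the triage the helpers apply in their heads: list executables created shortly before the incident in user-writable trees with no publisher string, and list any integrity-check line whose verdict is not "MD5 is legit". The sample log is constructed; a few entries are copied from the log above, the .exe under AppData\Roaming and the non-legit verdict on services.exe are made up to show what a hit looks like, and the incident date is taken from the thread (the GVU screen appeared on 17.07).

```python
"""Triage helper for FRST log excerpts (added example, not FRST's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the FRST format quoted in the thread. The .exe under
# AppData\Roaming and the services.exe verdict are made up for illustration.
SAMPLE_LOG = r"""
2013-07-19 23:18 - 2013-07-19 23:18 - 00000128 _____ C:\Users\K\defogger_reenable
2013-07-17 19:22 - 2013-07-11 14:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-17 17:10 - 2013-07-17 17:10 - 00052224 _____ C:\Users\K\AppData\Roaming\qwxz.exe
2013-07-13 03:06 - 2012-02-12 23:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 14:42 - 2013-07-11 14:34 - 00001389 _____ C:\Users\Public\Desktop\LoL.lnk
2013-06-25 12:39 - 2013-06-25 12:38 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 not legit (constructed sample verdict)
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 03:56
"""

# "<modified> - <created> - <size> <attrs> [(<publisher>)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
# "<path> => <verdict>" lines of the Bamital & volsnap check
CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
TIME_FMT = "%Y-%m-%d %H:%M"
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Trees an unprivileged user can write to (compared case-insensitively)
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str           # e.g. "_____", "____D", "___HD", "__RSH"
    publisher: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class Check:
    path: str
    verdict: str


def parse_frst(text: str) -> Tuple[List[Entry], List[Check]]:
    """Split an FRST excerpt into dated file entries and integrity-check lines."""
    entries: List[Entry] = []
    checks: List[Check] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                modified=datetime.strptime(m["modified"], TIME_FMT),
                created=datetime.strptime(m["created"], TIME_FMT),
                size=int(m["size"]), attrs=m["attrs"],
                publisher=m["publisher"], path=m["path"]))
            continue
        m = CHECK_RE.match(line)
        if m:
            checks.append(Check(m["path"], m["verdict"]))
    return entries, checks


def suspicious_entries(entries: List[Entry], incident: datetime,
                       window_days: int = 7) -> List[Entry]:
    """Executables created in the window before the incident, in a
    user-writable tree, with no publisher string in their version info."""
    earliest = incident - timedelta(days=window_days)
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in EXECUTABLE_EXTS or e.publisher:
            continue
        if any(tree in p for tree in USER_WRITABLE) and earliest <= e.created <= incident:
            hits.append(e)
    return hits


def failed_checks(checks: List[Check]) -> List[Check]:
    """Every system binary FRST did not report as MD5-legit."""
    return [c for c in checks if c.verdict != "MD5 is legit"]


def triage_sample() -> Tuple[List[str], List[str]]:
    """Run the triage over SAMPLE_LOG; returns (hit paths, failed-check paths)."""
    entries, checks = parse_frst(SAMPLE_LOG)
    incident = datetime(2013, 7, 17, 23, 59)  # day the GVU screen appeared, per the thread
    return ([e.path for e in suspicious_entries(entries, incident)],
            [c.path for c in failed_checks(checks)])


if __name__ == "__main__":
    hits, failed = triage_sample()
    for h in hits:
        print(f"[recent executable without publisher] {h}")
    for f in failed:
        print(f"[integrity check failed] {f}")
```

The publisher string is only the company name from the file's version resource, not an Authenticode signature, so its absence is a triage hint rather than proof of anything; that is also why the real helpers still ask for a scan before files are copied back, as in the next post.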
22.07.2013, 13:32 | #13 |
/// the machine /// TB Trainer | Infected with GVU Trojan (Win7) Just copy them over; the files should be fine. Before restoring them, scan them once with your AV program, possibly the ESET online scan. Of the drivers, install all the ones offered for the operating system.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.07.2013, 13:58 | #14 |
| Infected with GVU Trojan (Win7) Okay, thanks. As for the scans: just right-click the connected hard drive and start the scan, or is there anything to watch out for? |
22.07.2013, 14:07 | #15 |
/// the machine /// TB Trainer | Infected with GVU Trojan (Win7) Nope, just scan it exactly like that.
|
Topics for Infected with GVU Trojan (Win7) |
aborted, adware.agent, infected, bytes, logging in, remove, own initiative, question, deleted, background, malware bytes, malware.packer.rh1gen, no longer, packer.modifiedupx, riskware.keygen, scan, scanning, black, thread, completely, completely remove, white, win32/virut.nbp |