| |
| |||||||
Log-Analyse und Auswertung: TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.07.2013, 14:31
| #1 | |
 |  TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Hallo zusammen, zunächst einmal vorab schon einmal danke für die Hilfe! Vor ein paar Jahren habt ihr mir schonmal sehr geholfen und nun hoffe ich, dass es diesmal auch wieder so wunderbar klappt. Also, zur Zeit wohne ich noch in Portugal und meine System-CDs befinden sich in Deutschland, so dass ich es leider nicht einfach neu aufsetzen kann. Mir wurde vor einigen Tagen über einen USB-Stick ein Trojaner oder Wurm übertragen. Als ich den USB-Stick anschloss, hat Avira unaufhörlich Alarm geschlagen. Zunächst war das so massiv, dass der PC immer wieder abgestürzt ist und auch keine Scanprogramme zuende hat laufen lassen. Über einige Schnellsuchläufe mit Antispyware, Zonealarm, Windows Security Essentials und Avira habe ich ihn dann erstmal wieder stabilisiert bekommen, dass ich nun endlich hier posten kann. Auch habe ich bereits Komplettscans mit allen oben genannten Programmen durchgeführt. Mit Zonealarm habe ich gestartet, dabei wurden 40 Datein gefunden, die anderen Programme haben danach nichts mehr gefunden. Gefunden wurden insgesamt folgende Datein: Avira hatte zuvor diese Datein gefunden: erst: TR/Agent.VB.1624 dann: TR/Crypt.FSPM.Gen auf dem Stick wurde dieser gefunden: TR/Rontokbro.45417 ZoneAlarm fand dies: Email-Worm.Win32.Brontok.q Worm.Win32.AutoRun.btdp Trojan-Downloader.Win32.Geral.cnh Superantispyware fand nichts und Microsoft Security Essentials fand dies: Worm:WIn32/Brontok.AF@mm Worm:Win32/Yeltminky.A Anbei noch die OTL- und Gmer-files. OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.07.2013 11:12:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,97% Memory free 7,81 Gb Paging File | 5,68 Gb Available in Paging File | 72,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 125,03 Gb Total Space | 49,72 Gb Free Space | 39,77% Space Free | Partition Type: NTFS Drive D: | 148,06 Gb Total Space | 27,89 Gb Free Space | 18,84% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.29 00:35:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.08.29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.08.29 14:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.03 14:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.09.13 21:33:14 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2011.07.21 14:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.06.19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2011.09.13 21:33:14 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012.09.27 15:50:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2012.09.17 09:49:12 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2012.07.14 15:01:26 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2011.09.27 15:04:18 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013.07.25 09:40:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.04 12:02:13 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.10.25 02:05:50 | 000,067,752 | ---- | M] (Robert McNeel & Associates) [Disabled | Stopped] -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe -- (McNeelUpdate) SRV - [2012.08.29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.30 17:18:04 | 000,325,376 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) DRV:64bit: - [2012.08.29 14:25:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.07.14 15:01:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 17:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 17:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 17:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.10.19 03:56:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.19 03:56:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.10.04 07:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.09.27 15:56:52 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.27 14:25:08 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.08.02 00:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.08.02 00:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011.07.20 17:47:56 | 000,143,144 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011.05.13 23:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.05.07 16:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV:64bit: - [2008.05.23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.09.07 08:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.08.31 08:38:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.08.31 08:38:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.29 01:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.29 01:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.31 08:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.11 20:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zybsyvv0.default\extensions [2012.12.11 20:16:52 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\zybsyvv0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.25 11:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.04 12:02:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.08.29 14:32:25 | 000,001,787 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com# O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 209.34.83.73:443 O1 - Hosts: 127.0.0.1 209.34.83.73:43 O1 - Hosts: 127.0.0.1 209.34.83.73 O1 - Hosts: 127.0.0.1 209.34.83.67:43 O1 - Hosts: 127.0.0.1 209.34.83.67 O1 - Hosts: 127.0.0.1 ood.opsource.net O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET O1 - Hosts: 127.0.0.1 199.7.52.190:80 O1 - Hosts: 127.0.0.1 199.7.52.190 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 OCSP.SPO1.VERISIGN.COM O1 - Hosts: 127.0.0.1 199.7.54.72:80 O1 - Hosts: 127.0.0.1 199.7.54.72 O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2282695B-A721-4108-8C72-F9A77F178766}: DhcpNameServer = 10.0.16.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9F2850-F4A9-4408-90CD-5CEA7CD7C5BA}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.10.24 23:50:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.29 00:35:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.07.15 22:02:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\music_july [2013.07.12 04:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2012.11.21 16:33:51 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeE090.dll [2012.11.11 14:23:58 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA8D.dll [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.29 11:08:58 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.29 11:07:41 | 000,000,672 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2012.job [2013.07.29 10:54:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.29 10:54:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.29 10:46:59 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.29 10:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.29 10:45:28 | 3145,764,864 | -HS- | M] () -- C:\hiberfil.sys [2013.07.29 03:42:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.29 03:27:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.29 00:35:45 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.07.29 00:35:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.07.29 00:34:59 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.07.27 13:19:56 | 000,106,340 | ---- | M] () -- C:\Users\***\Desktop\***_Antrag_ausgefüllt.pdf [2013.07.27 13:19:35 | 000,105,558 | ---- | M] () -- C:\Users\***\Desktop\***_Antrag_ausgefüllt.odt [2013.07.27 11:26:23 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\AutoUpdate Allplan 2012.job [2013.07.26 19:27:39 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.26 19:27:39 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.26 19:27:39 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.26 19:27:39 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.26 19:27:39 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.26 11:16:36 | 000,180,151 | ---- | M] () -- C:\Users\***\Desktop\CV_***_hostel.pdf [2013.07.23 22:21:44 | 000,599,662 | ---- | M] () -- C:\Users\***\Desktop\P7230838.jpg [2013.07.23 22:21:29 | 000,455,621 | ---- | M] () -- C:\Users\***\Desktop\P7230835.jpg [2013.07.23 22:21:24 | 001,140,196 | ---- | M] () -- C:\Users\***\Desktop\P7230842.jpg [2013.07.23 13:41:18 | 000,505,344 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-1.psd [2013.07.23 13:08:58 | 000,122,059 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt-1.jpg [2013.07.22 14:27:46 | 000,104,391 | ---- | M] () -- C:\Users\***\Desktop\***_Antrag.odt [2013.07.21 22:41:57 | 001,372,219 | ---- | M] () -- C:\Users\***\Desktop\P7210762.jpg [2013.07.20 21:26:35 | 000,091,167 | ---- | M] () -- C:\Users\***\Desktop\***_1177412446_n.jpg [2013.07.20 21:01:53 | 000,050,034 | ---- | M] () -- C:\Users\***\Desktop\***_1658292798_n.jpg [2013.07.18 19:41:21 | 000,088,406 | ---- | M] () -- C:\Users\***\Desktop\***_808243800_n.jpg [2013.07.18 19:34:56 | 000,002,026 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.07.18 01:34:50 | 001,335,354 | ---- | M] () -- C:\Users\***\Desktop\P7170603.jpg [2013.07.18 01:34:41 | 001,586,999 | ---- | M] () -- C:\Users\***\Desktop\P7170605.jpg [2013.07.18 01:33:48 | 001,457,338 | ---- | M] () -- C:\Users\***\Desktop\P7170604.jpg [2013.07.18 01:15:17 | 000,209,236 | ---- | M] () -- C:\Users\***\Desktop\***.pdf [2013.07.16 12:32:48 | 000,088,721 | ---- | M] () -- C:\Users\***\Desktop\***.2011.pdf [2013.07.16 12:32:48 | 000,026,415 | ---- | M] () -- C:\Users\***\Desktop\***_Verpflichtung.pdf [2013.07.16 12:32:48 | 000,025,706 | ---- | M] () -- C:\Users\***\Desktop\***_2.pdf [2013.07.16 12:32:48 | 000,023,696 | ---- | M] () -- C:\Users\***\Desktop\NebentÑtigkeit_2010_druck.pdf [2013.07.16 12:32:47 | 000,192,885 | ---- | M] () -- C:\Users\***\Desktop\***.2013.pdf [2013.07.16 12:32:47 | 000,027,994 | ---- | M] () -- C:\Users\***\Desktop\***druck.pdf [2013.07.16 12:32:47 | 000,026,771 | ---- | M] () -- C:\Users\***\Desktop\***_2010_07.pdf [2013.07.16 12:32:47 | 000,024,022 | ---- | M] () -- C:\Users\***\Desktop\Datenschutzrechtlicher Hinweis.pdf [2013.07.15 14:12:20 | 000,062,752 | ---- | M] () -- C:\Users\***\Desktop\***_620225398_n.jpg [2013.07.15 00:21:46 | 000,374,859 | ---- | M] () -- C:\Users\***\Desktop\P7130568.jpg [2013.07.12 21:39:31 | 001,459,619 | ---- | M] () -- C:\Users\***\Desktop\P7120555.jpg [2013.07.11 05:56:06 | 009,607,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.29 11:08:58 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.29 00:35:41 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.07.29 00:34:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.07.27 13:19:56 | 000,106,340 | ---- | C] () -- C:\Users\***\Desktop\***_Antrag_ausgefüllt.pdf [2013.07.27 13:19:31 | 000,105,558 | ---- | C] () -- C:\Users\***\Desktop\***_Antrag_ausgefüllt.odt [2013.07.26 11:16:33 | 000,180,151 | ---- | C] () -- C:\Users\***\Desktop\CV_***_hostel.pdf [2013.07.23 22:21:42 | 000,599,662 | ---- | C] () -- C:\Users\***\Desktop\P7230838.jpg [2013.07.23 22:21:27 | 000,455,621 | ---- | C] () -- C:\Users\***\Desktop\P7230835.jpg [2013.07.23 22:21:21 | 001,140,196 | ---- | C] () -- C:\Users\***\Desktop\P7230842.jpg [2013.07.23 13:41:16 | 000,505,344 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-1.psd [2013.07.23 13:08:55 | 000,122,059 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt-1.jpg [2013.07.22 14:27:37 | 000,104,391 | ---- | C] () -- C:\Users\***\Desktop\***_Antrag.odt [2013.07.21 22:41:53 | 001,372,219 | ---- | C] () -- C:\Users\***\Desktop\P7210762.jpg [2013.07.20 21:26:35 | 000,091,167 | ---- | C] () -- C:\Users\***\Desktop\***_1177412446_n.jpg [2013.07.20 21:01:51 | 000,050,034 | ---- | C] () -- C:\Users\***\Desktop\***_1658292798_n.jpg [2013.07.18 19:41:15 | 000,088,406 | ---- | C] () -- C:\Users\***\Desktop\***_808243800_n.jpg [2013.07.18 01:34:47 | 001,335,354 | ---- | C] () -- C:\Users\***\Desktop\P7170603.jpg [2013.07.18 01:34:38 | 001,586,999 | ---- | C] () -- C:\Users\***\Desktop\P7170605.jpg [2013.07.18 01:33:45 | 001,457,338 | ---- | C] () -- C:\Users\***\Desktop\P7170604.jpg [2013.07.18 01:15:15 | 000,209,236 | ---- | C] () -- C:\Users\***\Desktop\***.pdf [2013.07.16 12:32:48 | 000,088,721 | ---- | C] () -- C:\Users\***\Desktop\***.2011.pdf [2013.07.16 12:32:48 | 000,026,415 | ---- | C] () -- C:\Users\***\Desktop\***_Verpflichtung.pdf [2013.07.16 12:32:48 | 000,025,706 | ---- | C] () -- C:\Users\***\Desktop\Vorstrafen.pdf [2013.07.16 12:32:48 | 000,023,696 | ---- | C] () -- C:\Users\***\Desktop\***_druck.pdf [2013.07.16 12:32:47 | 000,192,885 | ---- | C] () -- C:\Users\***\Desktop\***.2013.pdf [2013.07.16 12:32:47 | 000,027,994 | ---- | C] () -- C:\Users\***\Desktop\***druck.pdf [2013.07.16 12:32:47 | 000,026,771 | ---- | C] () -- C:\Users\***\Desktop\***_2010_07.pdf [2013.07.16 12:32:47 | 000,024,022 | ---- | C] () -- C:\Users\***\Desktop\Datenschutzrechtlicher Hinweis.pdf [2013.07.15 14:12:10 | 000,062,752 | ---- | C] () -- C:\Users\***\Desktop\***_620225398_n.jpg [2013.07.15 00:21:33 | 000,374,859 | ---- | C] () -- C:\Users\***\Desktop\P7130568.jpg [2013.07.12 21:39:27 | 001,459,619 | ---- | C] () -- C:\Users\***\Desktop\P7120555.jpg [2013.05.26 14:40:20 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2013.05.15 00:17:29 | 000,000,702 | ---- | C] () -- C:\Users\***\Eigene Musik - Verknüpfung.lnk [2013.05.15 00:16:52 | 000,000,725 | ---- | C] () -- C:\Users\***\Eigene Bilder - Verknüpfung.lnk [2012.09.27 15:51:38 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.09.07 16:07:49 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe CS6-AIFF-Format - Voreinstellungen [2012.09.05 11:45:43 | 000,000,742 | ---- | C] () -- C:\Users\***\Eigene Dokumente.lnk [2012.08.29 19:00:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.29 18:57:27 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.08.29 18:56:11 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.08.29 18:56:11 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.08.29 18:56:11 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.08.29 18:56:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.08.29 18:56:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.08.29 18:56:10 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.08.29 18:55:55 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012.08.29 14:17:15 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll [2012.08.29 10:25:02 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.10.19 05:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.10.19 05:11:04 | 001,621,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.28 06:15:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.29 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2012.10.25 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2012.08.31 08:38:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2012.09.05 10:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.05.02 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.08.31 08:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.26 15:10:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.11.05 11:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Graphisoft [2012.11.05 11:23:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Install.GS [2012.08.29 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2013.02.20 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\McNeel [2012.08.29 14:22:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2012.10.11 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.09.11 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.26 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.08.29 14:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.08.31 08:33:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.08.29 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D20FFA63 < End of report > EXTRAS: Zitat:
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-29 13:36:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0001 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\FRIEDE~1\AppData\Local\Temp\awldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\wininit.exe[676] C:\Windows\system32\USER32.dll!FindWindowW 00000000774cd264 5 bytes JMP 00000001222ff174
.text C:\Windows\system32\wininit.exe[676] C:\Windows\system32\USER32.dll!FindWindowA 00000000774e8270 5 bytes JMP 00000001222ff1c4
.text C:\Windows\system32\services.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\services.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\services.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\services.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\services.exe[772] C:\Windows\system32\USER32.dll!FindWindowW 00000000774cd264 5 bytes JMP 00000001222ff174
.text C:\Windows\system32\services.exe[772] C:\Windows\system32\USER32.dll!FindWindowA 00000000774e8270 5 bytes JMP 00000001222ff1c4
.text C:\Windows\system32\lsass.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\lsass.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\lsass.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\lsass.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\lsass.exe[780] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, FA]
.text C:\Windows\system32\lsm.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\lsm.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\lsm.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\lsm.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[972] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, E8]
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\System32\svchost.exe[868] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, 0F]
.text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, 0F]
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\WLANExt.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\WLANExt.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\WLANExt.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\WLANExt.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\conhost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\conhost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\conhost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\conhost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[2012] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1120] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Windows\System32\spoolsv.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\System32\spoolsv.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\System32\spoolsv.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\System32\spoolsv.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, FA]
.text C:\Windows\System32\StikyNot.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\System32\StikyNot.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\System32\StikyNot.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\System32\StikyNot.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3216] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3216] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, FA]
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3236] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3532] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Windows\SysWOW64\ntdll.dll[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Windows\SysWOW64\ntdll.dll[3552] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Windows\SysWOW64\ntdll.dll[3552] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Windows\SysWOW64\ntdll.dll[3552] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Windows\SysWOW64\ntdll.dll[3552] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Windows\system32\wbem\wmiprvse.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\wbem\wmiprvse.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\wbem\wmiprvse.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\wbem\wmiprvse.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\wbem\wmiprvse.exe[3708] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, FA]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3724] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3720] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3684] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\conhost.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\conhost.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\conhost.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\conhost.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\SearchIndexer.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\SearchIndexer.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\SearchIndexer.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\SearchIndexer.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[4356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\System32\svchost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\System32\svchost.exe[2072] C:\Windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007feff92b3a1 3 bytes [DD, 4C, FA]
.text C:\Windows\system32\wuauclt.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\wuauclt.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\wuauclt.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\wuauclt.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000779814d0 5 bytes JMP 00000001222ffe7c
.text C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077981500 5 bytes JMP 0000000122300530
.text C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077981960 5 bytes JMP 00000001222ffab8
.text C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077981b00 5 bytes JMP 00000001223005e8
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077b2fb08 5 bytes JMP 0000000120cb89ab
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 0000000077b2fb50 5 bytes JMP 0000000120cb8d58
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077b30220 5 bytes JMP 0000000120cb8791
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000077b304a0 5 bytes JMP 0000000120cb8dd9
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\syswow64\kernel32.dll!OpenProcess 00000000752b1986 5 bytes JMP 0000000120cb846c
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771698fd 5 bytes JMP 0000000120cb825a
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007716ffe6 5 bytes JMP 0000000120cb828f
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000076a3c7ce 5 bytes JMP 0000000120cb9036
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[3372] C:\Windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000076a73369 5 bytes JMP 0000000120cb8e5d
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [3552:3556] 0000000000d872be
Thread C:\Windows\SysWOW64\ntdll.dll [3552:3644] 00000000695d8f84
Thread C:\Windows\SysWOW64\ntdll.dll [3552:3648] 00000000695d925e
Thread C:\Windows\SysWOW64\ntdll.dll [3552:3652] 00000000695d8bd0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
---- EOF - GMER 2.1 ---- [/QUOTE]
Zwei Fragen noch zum Schluss: Was mache ich mit dem Stick? Einfach einen Neuen kaufen und diesen in die Tonne kloppen? Und: Zur gleichen Zeit wie den Stick hatte ich auch meine externe Festplatte angeschlossen. Wie hoch ist die Wahrscheinlichkeit, dass auch diese beschädigt ist bzw. wie kann ich es herausfinden, ohne den Virus meines PCs auf die Festplatte zu übertragen? Wie gehe ich am Besten vor? Danke nochmals, ich hoffe, ihr könnt mir helfen! Viele Grüße, Friedi Geändert von Friedi (29.07.2013 um 14:42 Uhr) |
|
29.07.2013, 14:38
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Hallo,
__________________Zitat:
Zitat:
Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ |
|
29.07.2013, 21:26
| #3 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Entschuldigung :-/. Ich hoffe, ich habe alles entfernt.
__________________Die logs sind nicht mehr verfügbar. Mir wird nur gesagt, dass die Datei nicht gefunden werden kann. Lediglich der von der letzter Nacht ist verfügbar, falls da noch Dateinamen drin sein sollten, die auf Cracks oder Keygens hinweisen, tut es mir Leid, es handelt sich um einen alten Log. Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 28. Juli 2013 23:37
Es wird nach 5168716 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***
Versionsinformationen:
BUILD.DAT : 12.1.9.2400 46075 Bytes 17.06.2013 22:53:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 22:43:11
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.07.2012 16:04:38
LUKE.DLL : 12.3.0.15 68304 Bytes 18.07.2012 16:04:31
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18.07.2012 16:04:24
AVREG.DLL : 12.3.0.33 232232 Bytes 18.07.2012 16:04:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:46:34
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:09:30
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 11:23:51
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:57:40
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 09:25:25
VBASE005.VDF : 7.11.91.177 2048 Bytes 23.07.2013 09:25:26
VBASE006.VDF : 7.11.91.178 2048 Bytes 23.07.2013 09:25:26
VBASE007.VDF : 7.11.91.179 2048 Bytes 23.07.2013 09:25:26
VBASE008.VDF : 7.11.91.180 2048 Bytes 23.07.2013 09:25:26
VBASE009.VDF : 7.11.91.181 2048 Bytes 23.07.2013 09:25:26
VBASE010.VDF : 7.11.91.182 2048 Bytes 23.07.2013 09:25:26
VBASE011.VDF : 7.11.91.183 2048 Bytes 23.07.2013 09:25:26
VBASE012.VDF : 7.11.91.184 2048 Bytes 23.07.2013 09:25:26
VBASE013.VDF : 7.11.92.32 156160 Bytes 24.07.2013 09:25:27
VBASE014.VDF : 7.11.92.147 168960 Bytes 25.07.2013 19:34:09
VBASE015.VDF : 7.11.93.93 419328 Bytes 28.07.2013 22:35:41
VBASE016.VDF : 7.11.93.94 2048 Bytes 28.07.2013 22:35:42
VBASE017.VDF : 7.11.93.95 2048 Bytes 28.07.2013 22:35:42
VBASE018.VDF : 7.11.93.96 2048 Bytes 28.07.2013 22:35:42
VBASE019.VDF : 7.11.93.97 2048 Bytes 28.07.2013 22:35:42
VBASE020.VDF : 7.11.93.98 2048 Bytes 28.07.2013 22:35:42
VBASE021.VDF : 7.11.93.99 2048 Bytes 28.07.2013 22:35:42
VBASE022.VDF : 7.11.93.100 2048 Bytes 28.07.2013 22:35:42
VBASE023.VDF : 7.11.93.101 2048 Bytes 28.07.2013 22:35:42
VBASE024.VDF : 7.11.93.102 2048 Bytes 28.07.2013 22:35:42
VBASE025.VDF : 7.11.93.103 2048 Bytes 28.07.2013 22:35:43
VBASE026.VDF : 7.11.93.104 2048 Bytes 28.07.2013 22:35:43
VBASE027.VDF : 7.11.93.105 2048 Bytes 28.07.2013 22:35:43
VBASE028.VDF : 7.11.93.106 2048 Bytes 28.07.2013 22:35:43
VBASE029.VDF : 7.11.93.107 2048 Bytes 28.07.2013 22:35:43
VBASE030.VDF : 7.11.93.108 2048 Bytes 28.07.2013 22:35:44
VBASE031.VDF : 7.11.93.148 92160 Bytes 28.07.2013 22:35:44
Engineversion : 8.2.12.94
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 14:56:34
AESCRIPT.DLL : 8.1.4.136 504190 Bytes 26.07.2013 15:09:38
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 17:22:07
AESBX.DLL : 8.2.5.12 606578 Bytes 18.07.2012 16:04:20
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 14:56:33
AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 15:21:44
AEOFFICE.DLL : 8.1.2.74 205181 Bytes 26.07.2013 15:09:38
AEHEUR.DLL : 8.1.4.504 6046074 Bytes 26.07.2013 15:09:37
AEHELP.DLL : 8.1.27.4 266617 Bytes 27.06.2013 20:52:12
AEGEN.DLL : 8.1.7.10 442743 Bytes 26.07.2013 15:09:34
AEEXP.DLL : 8.4.1.36 278903 Bytes 26.07.2013 15:09:38
AEEMU.DLL : 8.1.3.2 393587 Bytes 05.09.2012 08:58:17
AECORE.DLL : 8.1.31.6 201081 Bytes 27.06.2013 20:52:10
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 17:58:24
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.07.2012 16:04:25
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 22:43:10
AVREP.DLL : 12.3.0.15 179208 Bytes 18.07.2012 16:04:23
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 22:43:09
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.07.2012 16:04:22
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.07.2012 16:04:34
AVSMTP.DLL : 12.3.0.32 63480 Bytes 18.07.2012 16:04:24
NETNT.DLL : 12.3.0.15 17104 Bytes 18.07.2012 16:04:31
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 18.07.2012 16:04:41
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 22:43:07
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Sonntag, 28. Juli 2013 23:37
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '30' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1976' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
Beginne mit der Suche in 'D:\' <Data>
Ende des Suchlaufs: Montag, 29. Juli 2013 02:10
Benötigte Zeit: 2:33:17 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
42290 Verzeichnisse wurden überprüft
679586 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
679586 Dateien ohne Befall
3826 Archive wurden durchsucht
0 Warnungen
0 Hinweise
898694 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Friedi |
|
29.07.2013, 23:05
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.07.2013, 01:06
| #5 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Ich habe Win7 und nach der Anleitung funktioniert diese Funktion nicht. Habe nach einer Fehlerbehebung gegoogelt, scheint aber ein gängiges Problem zu sein... :-/ Auch nicht, wenn ich als Administrator ausführe. Es öffnet sich kein Requester! Und nu? |
|
30.07.2013, 08:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Von was für einen Requester bitte redest du da?  Du solltest doch wie auf u.a. Screenshot sehen wie man an die Logs kommt 
__________________ --> TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 |
|
30.07.2013, 12:43
| #7 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Aber es funktioniert doch nicht!!  Mir werden keine Logs angezeigt, wenn ich es genau wie nach Anleitung durchführe! :/Ich habe alles ausprobiert... |
|
30.07.2013, 15:03
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Was bitte genau funktioniert da nicht, was bitte soll jetzt ein Requester sein? Wird dir garnichts mehr an Funden angezeigt, hast du vllt alle Ereignisse gelöscht? Versuch das bitte nochmal. Und außerdem: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2013, 12:12
| #9 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Mensch, ich kenn mich mit Computern doch nicht aus . Ich hab halt nach dem Problem mit Avira gegoogelt und da stand dann bei jemandem von Requester. Vllt hab ich auch einfach was durcheinander gebracht... Können wir es jetzt dabei belassen?  So, hier die Logs, ich hab nach bestem Wissen alle illegale Software entfernt und hoffe, dass jetzt alles stimmt. Falls noch was auftauchen sollte, ist das wirklich Unwissenheit. Aber ich glaube, da sollte nichts mehr sein. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by *** (administrator) on 31-07-2013 11:54:03
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\eHome\EhTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehRec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-07-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-07-14] (Check Point Software Technologies)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-08-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zybsyvv0.default
FF SelectedSearchEngine: Amazon.de
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zybsyvv0.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
==================== Services (Whitelisted) =================
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-17] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-07-14] (Check Point Software Technologies)
S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-08-29] (Check Point Software Technologies LTD)
==================== Drivers (Whitelisted) ====================
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [325376 2012-08-30] (AfaTech )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-07-18] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-07-18] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-07-18] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-29] (DT Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-07-14] (Check Point Software Technologies)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-31 11:53 - 2013-07-31 11:53 - 00000000 ____D C:\FRST
2013-07-30 20:41 - 2013-07-30 20:41 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-29 13:46 - 2013-07-29 13:46 - 00016186 _____ C:\Users\***\Desktop\Avira.txt
2013-07-29 13:43 - 2013-07-29 13:43 - 00089018 _____ C:\Users\***\Desktop\Extras_2.txt
2013-07-29 13:42 - 2013-07-29 13:42 - 00090738 _____ C:\Users\***\Desktop\OTL_2.txt
2013-07-29 13:39 - 2013-07-29 13:39 - 00042598 _____ C:\Users\***\Desktop\gmer_2.txt
2013-07-29 13:36 - 2013-07-29 13:36 - 00042724 _____ C:\Users\***\Desktop\gmer.log
2013-07-29 11:32 - 2013-07-29 11:32 - 00089080 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-29 11:29 - 2013-07-29 11:29 - 00093604 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-29 11:08 - 2013-07-29 11:09 - 00000496 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-29 11:08 - 2013-07-29 11:08 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-29 01:04 - 2013-07-30 20:29 - 00000448 _____ C:\Windows\setupact.log
2013-07-29 01:04 - 2013-07-29 01:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 00:47 - 2013-07-29 14:43 - 00091193 _____ C:\Users\***\Desktop\trojanerboard.txt
2013-07-29 00:35 - 2013-07-29 00:35 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-29 00:35 - 2013-07-29 00:35 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-29 00:34 - 2013-07-29 00:34 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-25 09:29 - 2013-07-25 09:29 - 17018248 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-07-15 22:02 - 2013-07-22 11:45 - 00000000 ____D C:\Users\***\Desktop\music_july
2013-07-12 04:59 - 2013-07-12 05:06 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 21:55 - 2013-05-29 06:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 21:55 - 2013-05-29 06:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 21:55 - 2013-05-29 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 21:55 - 2013-05-29 06:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 21:55 - 2013-05-29 02:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 21:55 - 2013-05-29 02:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 21:55 - 2013-05-29 02:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 21:55 - 2013-05-29 02:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 21:54 - 2013-05-29 07:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 21:54 - 2013-05-29 06:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 21:54 - 2013-05-29 06:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 21:54 - 2013-05-29 06:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 21:54 - 2013-05-29 06:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 21:54 - 2013-05-29 06:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 21:54 - 2013-05-29 06:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 21:54 - 2013-05-29 06:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 21:54 - 2013-05-29 06:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 21:54 - 2013-05-29 06:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 21:54 - 2013-05-29 06:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 21:54 - 2013-05-29 06:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 21:54 - 2013-05-29 02:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 21:54 - 2013-05-29 02:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 21:54 - 2013-05-29 02:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 21:54 - 2013-05-29 02:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 21:54 - 2013-05-29 02:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 21:54 - 2013-05-29 02:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 21:54 - 2013-05-29 02:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 21:54 - 2013-05-29 02:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 21:54 - 2013-05-29 02:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 21:54 - 2013-05-29 02:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 21:54 - 2013-05-29 02:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 21:54 - 2013-05-29 02:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 20:37 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 20:37 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 20:37 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 20:37 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 20:37 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 20:36 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 20:36 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2013-07-31 11:53 - 2013-07-31 11:53 - 00000000 ____D C:\FRST
2013-07-31 11:53 - 2012-08-31 08:41 - 00000000 ____D C:\Users\***\AppData\Roaming\Skype
2013-07-31 11:49 - 2012-10-08 17:18 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 11:49 - 2012-08-30 13:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 11:49 - 2012-08-29 14:20 - 00000672 _____ C:\Windows\Tasks\WebContent AutoUpdate 2012.job
2013-07-31 11:49 - 2012-08-29 14:20 - 00000516 _____ C:\Windows\Tasks\AutoUpdate Allplan 2012.job
2013-07-30 20:41 - 2013-07-30 20:41 - 01781589 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-30 20:40 - 2012-08-29 18:51 - 02067900 _____ C:\Windows\WindowsUpdate.log
2013-07-30 20:38 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 20:38 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 20:30 - 2012-10-08 17:18 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 20:29 - 2013-07-29 01:04 - 00000448 _____ C:\Windows\setupact.log
2013-07-30 20:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 20:26 - 2012-08-29 11:32 - 00000000 ____D C:\ProgramData\Adobe
2013-07-30 20:21 - 2012-08-29 11:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-30 20:13 - 2012-08-29 15:28 - 00000000 ____D C:\Program Files\MAXON
2013-07-29 14:43 - 2013-07-29 00:47 - 00091193 _____ C:\Users\***\Desktop\trojanerboard.txt
2013-07-29 14:02 - 2012-09-05 10:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-29 13:46 - 2013-07-29 13:46 - 00016186 _____ C:\Users\***\Desktop\Avira.txt
2013-07-29 13:43 - 2013-07-29 13:43 - 00089018 _____ C:\Users\***\Desktop\Extras_2.txt
2013-07-29 13:42 - 2013-07-29 13:42 - 00090738 _____ C:\Users\***\Desktop\OTL_2.txt
2013-07-29 13:39 - 2013-07-29 13:39 - 00042598 _____ C:\Users\***\Desktop\gmer_2.txt
2013-07-29 13:36 - 2013-07-29 13:36 - 00042724 _____ C:\Users\***\Desktop\gmer.log
2013-07-29 11:32 - 2013-07-29 11:32 - 00089080 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-29 11:29 - 2013-07-29 11:29 - 00093604 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-29 11:09 - 2013-07-29 11:08 - 00000496 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-29 11:08 - 2013-07-29 11:08 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-29 11:08 - 2012-08-29 10:24 - 00000000 ____D C:\Users\***
2013-07-29 01:04 - 2013-07-29 01:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-29 00:35 - 2013-07-29 00:35 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-29 00:35 - 2013-07-29 00:35 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-29 00:34 - 2013-07-29 00:34 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-26 19:27 - 2011-02-19 05:24 - 00708282 _____ C:\Windows\system32\perfh007.dat
2013-07-26 19:27 - 2011-02-19 05:24 - 00151886 _____ C:\Windows\system32\perfc007.dat
2013-07-26 19:27 - 2009-07-14 06:13 - 01643244 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 09:40 - 2012-08-30 13:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-25 09:37 - 2012-08-30 13:06 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-25 09:37 - 2012-08-30 13:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-25 09:29 - 2013-07-25 09:29 - 17018248 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-07-22 11:45 - 2013-07-15 22:02 - 00000000 ____D C:\Users\***\Desktop\music_july
2013-07-19 15:20 - 2012-10-09 09:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-19 15:20 - 2012-08-31 08:40 - 00000000 ____D C:\ProgramData\Skype
2013-07-18 19:34 - 2012-08-29 11:13 - 00002026 _____ C:\Windows\epplauncher.mif
2013-07-15 18:37 - 2012-10-08 17:18 - 00004128 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 18:37 - 2012-10-08 17:18 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 05:06 - 2013-07-12 04:59 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 16:10 - 2013-06-26 14:46 - 00000000 ____D C:\Users\***\Desktop\to do
2013-07-11 05:56 - 2009-07-14 05:45 - 09607704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 05:54 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 05:54 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 05:53 - 2012-08-29 11:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 05:53 - 2012-08-29 11:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-07 13:39 - 2012-10-12 13:36 - 00000000 ____D C:\Windows\Minidump
2013-07-05 00:49 - 2012-09-05 11:45 - 00129536 ___SH C:\Users\***\Thumbs.db
2013-07-04 20:47 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 20:46 - 2012-08-31 08:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 12:02 - 2013-03-08 01:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-23 21:34
==================== End Of Log ============================
und addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by *** at 2013-07-31 11:55:12
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
Akamai NetSession Interface (HKCU)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD AVIVO64 Codecs (Version: 11.7.0.10927)
AMD Catalyst Install Manager (Version: 3.0.847.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
ArchiCAD Trainingsleitfaden - Grundlagen (x32)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0)
ASUS Power4Gear Hybrid (Version: 1.1.45)
ATK Package (x32 Version: 1.0.0014)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (x32 Version: 2.0.90)
Autodesk Download Manager (x32 Version: 2.0.2.0)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Avira Free Antivirus (x32 Version: 12.1.9.2400)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0927.2225.38375)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0927.2225.38375)
Catalyst Control Center InstallProxy (x32 Version: 2011.0927.2225.38375)
Catalyst Control Center Localization All (x32 Version: 2011.0927.2225.38375)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0927.2225.38375)
CCC Help Chinese Standard (x32 Version: 2011.0927.2224.38375)
CCC Help Chinese Traditional (x32 Version: 2011.0927.2224.38375)
CCC Help Czech (x32 Version: 2011.0927.2224.38375)
CCC Help Danish (x32 Version: 2011.0927.2224.38375)
CCC Help Dutch (x32 Version: 2011.0927.2224.38375)
CCC Help English (x32 Version: 2011.0927.2224.38375)
CCC Help Finnish (x32 Version: 2011.0927.2224.38375)
CCC Help French (x32 Version: 2011.0927.2224.38375)
CCC Help German (x32 Version: 2011.0927.2224.38375)
CCC Help Greek (x32 Version: 2011.0927.2224.38375)
CCC Help Hungarian (x32 Version: 2011.0927.2224.38375)
CCC Help Italian (x32 Version: 2011.0927.2224.38375)
CCC Help Japanese (x32 Version: 2011.0927.2224.38375)
CCC Help Korean (x32 Version: 2011.0927.2224.38375)
CCC Help Norwegian (x32 Version: 2011.0927.2224.38375)
CCC Help Polish (x32 Version: 2011.0927.2224.38375)
CCC Help Portuguese (x32 Version: 2011.0927.2224.38375)
CCC Help Russian (x32 Version: 2011.0927.2224.38375)
CCC Help Spanish (x32 Version: 2011.0927.2224.38375)
CCC Help Swedish (x32 Version: 2011.0927.2224.38375)
CCC Help Thai (x32 Version: 2011.0927.2224.38375)
CCC Help Turkish (x32 Version: 2011.0927.2224.38375)
ccc-utility64 (Version: 2011.0927.2225.38375)
CCleaner (Version: 3.27)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
ETDWare PS/2-X64 8.0.5.5_WHQL (Version: 8.0.5.5)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free YouTube Download version 3.2.2.426 (x32 Version: 3.2.2.426)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
General Runtime Files for Allplan 2012-1 Release (x32 Version: 1.6.0.0)
General Runtime Files for Nemetschek Softlock 2006 (x32 Version: 1.3.0.0)
General Runtime Files for Nemetschek Softlock 2006 64 (Version: 1.2.0.0)
Google Earth (x32 Version: 7.0.3.8542)
Google SketchUp 8 (x32 Version: 3.0.14358)
Google Update Helper (x32 Version: 1.3.21.153)
hiCAD 16 GER (Version: 16.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nemetschek Allplan 2012 (x32 Version: 2012.0)
Nemetschek SoftLock 2006 (x32 Version: 1.26.55)
Nokia Connectivity Cable Driver (x32 Version: 7.1.101.0)
Nokia Suite (x32 Version: 3.7.22.0)
Notepad++ (x32 Version: 6.2)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PC Connectivity Solution (x32 Version: 12.0.76.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 9.2)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6473)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10010)
Rhinoceros 5.0 (64-bit) (Version: 5.1.20927.2230)
Skype™ 6.6 (x32 Version: 6.6.106)
Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00)
SUPERAntiSpyware (Version: 5.5.1012)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinFlash (x32 Version: 2.32.0)
Wireless Console 3 (x32 Version: 3.0.24)
ZoneAlarm Antivirus (x32 Version: 10.2.078.000)
ZoneAlarm Firewall (x32 Version: 10.2.078.000)
ZoneAlarm Free Antivirus + Firewall (x32 Version: 10.2.073.000)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (x32 Version: 10.2.078.000)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)
==================== Restore Points =========================
22-07-2013 09:52:46 Windows Update
25-07-2013 19:43:02 Windows Update
28-07-2013 18:00:18 Windows-Sicherung
29-07-2013 09:57:23 Windows Update
==================== Hosts content: ==========================
2012-08-29 14:32 - 2012-08-29 14:32 - 00001787 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com#
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
==================== Scheduled Tasks (whitelisted) =============
Task: {0353C1BF-6C7E-4AF7-89A2-ADC246500891} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS)
Task: {07078F74-CA74-4A10-86D5-A09B40D0EB99} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {44E75518-81EB-4071-B129-2AB86F419525} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25] (Adobe Systems Incorporated)
Task: {4B7447EB-8C9B-436E-BF6D-9094A48F0A36} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {4DEA2336-2AAB-472F-8791-D92479FF72CC} - System32\Tasks\{D3251A23-7357-412E-AB52-ED68EFCBDE0D} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-04] (Mozilla Corporation)
Task: {5BC9A509-8D1F-4C6A-A77B-CB62AECFD36A} - System32\Tasks\WebContent AutoUpdate 2012 => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-07-14] (Nemetschek Allplan GmbH)
Task: {7499951D-313A-4947-ACC7-3D259BF54917} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {9172EC87-0EA1-4B25-8EB9-E37DA95BA475} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {AA04BDB8-415F-4345-9CBA-664EEB5DEE33} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {CC322C63-79F6-4278-A034-9B121105DEF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {CEB843B9-68B2-424C-BCDC-7E4424DE876D} - System32\Tasks\AutoUpdate Allplan 2012 => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-07-14] (Nemetschek Allplan GmbH)
Task: {D5C23071-977E-4C38-9248-D6DFDA6B8106} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D7291D73-834E-412C-B4A8-1FDA8024D82F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DB93A678-6FC9-42F4-80EA-2EA0B75C76D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7A180CB-3FDE-4169-8501-6F597364280E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {FBE7C540-1A48-460A-8AAB-0BCB0692A82D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoUpdate Allplan 2012.job => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebContent AutoUpdate 2012.job => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2013 08:30:15 PM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/30/2013 08:03:00 PM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/30/2013 11:43:18 AM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 08:33:07 PM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 11:39:49 AM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 10:47:19 AM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 04:12:38 PM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 00:00:58 PM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 02:13:27 AM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 02:04:01 AM) (Source: Autodesk Content Service) (User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (07/31/2013 11:49:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Error: (07/31/2013 11:49:14 AM) (Source: DCOM) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (07/30/2013 11:39:48 AM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (07/30/2013 01:07:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/30/2013 01:07:20 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Funktionssuche-Ressourcenveröffentlichung erreicht.
Error: (07/30/2013 01:06:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Autodesk Content Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/30/2013 01:06:50 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Autodesk Content Service erreicht.
Error: (07/30/2013 01:04:51 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 30.07.2013 um 01:03:32 unerwartet heruntergefahren.
Error: (07/29/2013 02:11:01 AM) (Source: DCOM) (User: ***)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}******S-1-5-21-900094647-1889110742-112649878-1000LocalHost (unter Verwendung von LRPC)
Error: (07/29/2013 02:11:01 AM) (Source: DCOM) (User: ***)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}******S-1-5-21-900094647-1889110742-112649878-1000LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (07/30/2013 08:30:15 PM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/30/2013 08:03:00 PM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/30/2013 11:43:18 AM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 08:33:07 PM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 11:39:49 AM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/29/2013 10:47:19 AM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 04:12:38 PM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 00:00:58 PM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 02:13:27 AM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/28/2013 02:04:01 AM) (Source: Autodesk Content Service)(User: )
Description: Der Dienst kann nicht gestartet werden. Connect.Exceptions.IndexingServiceException: IndexingServiceErrCodes:129:UnexpectedDatabase
bei Connect.MetaStore.MetaStorage.Initialize()
bei Connect.IVault.IVault.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
CodeIntegrity Errors:
===================================
Date: 2013-07-31 11:52:59.866
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-30 20:28:30.216
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-30 20:14:42.274
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-30 13:24:33.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-30 11:51:36.413
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-30 00:59:16.457
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-29 20:40:12.631
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-29 11:54:38.690
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-29 11:11:02.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-29 00:35:38.557
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 4000.05 MB
Available physical RAM: 1974.68 MB
Total Pagefile: 7998.29 MB
Available Pagefile: 5554.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:56.33 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:27.89 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Und noch zu den Funden: Gelöscht habe ich die nicht (jedenfalls nicht wissentlich), die werden mir noch angezeigt. Ich hab keine Ahnung, was da falsch läuft. Danke dir!!! |
|
31.07.2013, 15:50
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417Zitat:
Schau bitte nochmal nach wie in unserer Anleitung beschrieben Code:
ATTFilter AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (x32 Version: 2.0.90)
Autodesk Download Manager (x32 Version: 2.0.2.0)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Ist das ein rein privat genutzer PC? Du nutzt rein privat Software von Autodesk?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2013, 22:48
| #11 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Autodesk gehört zu AutoCad, das sind Zeichenprogramme, die ich für die Uni nutze (Studentenversionen). Ebenso Nemetschek. Aber alles legal heruntergeladen. Gibt es damit irgendein Problem? Und ja, der PC wird lediglich privat genutzt. Ich habe es nochmals und nochmals und nochmals mit Avira probiert, es passiert nichts. Ich öffne Avira, gehe auf Ereignisse, wähle lediglich die Funde aus, markiere alles, Rechtsklick, Ereignisse exportieren... nichts passiert. Ich habe nichts in der Zwischenablage oder dem Desktop! :-/ |
|
31.07.2013, 23:34
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417Zitat:
Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.08.2013, 00:37
| #13 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Nein nein, wirklich nur mein privater Laptop! Combofix hat soweit einwandfrei gearbeitet, keine Fehlermeldung oder ähnliches. Code:
ATTFilter ComboFix 13-07-31.02 - *** 01.08.2013 0:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4000.2679 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\hpeA8D.dll
c:\programdata\hpeE090.dll
c:\users\***\AppData\Local\uninst.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-31 ))))))))))))))))))))))))))))))
.
.
2013-07-31 23:17 . 2013-07-31 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-31 11:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{691ED4D3-FA56-4B80-83B3-A90BEFDF052E}\mpengine.dll
2013-07-31 10:53 . 2013-07-31 10:53 -------- d-----w- C:\FRST
2013-07-30 10:51 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 08:29 . 2013-07-25 08:29 17018248 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-17 21:06 . 2013-07-17 20:54 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06AC81AD-B593-477B-A70B-A3AA5FC9F6BD}\gapaengine.dll
2013-07-12 03:59 . 2013-07-12 04:06 -------- d-----w- c:\windows\system32\MRT
2013-07-10 20:54 . 2013-05-29 06:24 763544 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-07-10 19:37 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 19:36 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 19:36 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 02:30 . 2012-09-01 11:46 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-29 02:29 . 2012-09-01 11:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-29 02:29 . 2012-08-30 16:25 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-25 08:37 . 2012-08-30 12:06 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 08:37 . 2012-08-30 12:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-23 23:57 . 2012-08-29 10:36 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 17:04 . 2012-09-28 14:37 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 22:07 . 2012-08-30 16:25 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-26 22:06 . 2012-08-30 16:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-20 06:50 . 2012-09-01 11:46 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-13 05:51 . 2013-06-13 13:13 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 13:13 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 13:13 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 13:13 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 13:13 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 13:13 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 13:13 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 13:13 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 13:13 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 13:13 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-13 13:14 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 13:14 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-09 09:39 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 06:39 . 2013-06-13 13:14 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 08:40]
.
2013-07-31 c:\windows\Tasks\AutoUpdate Allplan 2012.job
- c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-08-29 06:02]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 16:18]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 16:18]
.
2013-07-31 c:\windows\Tasks\WebContent AutoUpdate 2012.job
- c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-08-29 06:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zybsyvv0.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-ISW - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-01 00:20:35
ComboFix-quarantined-files.txt 2013-07-31 23:20
.
Vor Suchlauf: 13 Verzeichnis(se), 62.523.461.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 62.122.270.720 Bytes frei
.
- - End Of File - - D6F14BB4E2E23DC2C81B11519BF238E8
D41D8CD98F00B204E9800998ECF8427E
|
|
01.08.2013, 08:53
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417Zitat:
Das kann zu massiven Problemen und Seiteneffekten führen, nur eines solltest du davon behalten! Vorschlag: du deinstallierst erstmal alle drei, wenn wir hier in Kürze durch sind, kannst du Avast installieren. Oder du behälst einfach nur MSE.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.08.2013, 11:56
| #15 |
| | TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 Okay. Sollen die restlichen Programme direkt jetzt runter vom PC? Oder wie sieht der nächste Schritt aus? Ich habe ja auch immernoch das Problem mit meiner externen Festplatte, bei der ich nicht weiss, ob die befallen ist :/! |
|
| Themen zu TR/Agent.VB.1624 // TR/Crypt.FSPM.Gen // TR/Rontokbro.45417 |
| antivir, avira, converter, festplatte, firefox, flash player, frage, igdpmd64.sys, kaspersky, mozilla, ntdll.dll, plug-in, realtek, registry, security, sehr geholfen, software, svchost.exe, tr/agent.vb, tr/crypt.fspm.gen, tr/rontokbro, tr/rontokbro.45417, trojaner, virus, windows, wuauclt.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
