| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Zahlungsaufforderung MS-Dos file geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.08.2013, 21:50
| #1 |
 |  Zahlungsaufforderung MS-Dos file geöffnet Hallo lieber Leser. Ich habe eine Zahlungsaufforderung erhalten, bin dummerweise in panik verfallen und habe den Anhang geöffnet. (Zip-komprimierte Datei) Dabei ist mir völlig entgangen, dass es sich dabei um ein MS-Dos file handelt. Als beim öffnen nichts erkennbares passierte war ich dabei dann hinreichend allarmiert, sodass ich nun n diesem Forum nachfrage. Ich habe bereits Avira durchlaufen lassen, welches allerdings nichts gefunden hat. Auswirkungen sehe ich so adhoc auch keine. (Heißt das mein Rechner ist sauber und das ist nur unnötige Panik, oder...?) Mir ist bewusst, dass es einen sehr ähnlichen Thread gibt (http://www.trojaner-board.de/140305-...geoeffnet.html) , jedoch dachte ich mir es sei besser (noch) einen aufzumachen. Da das ja meistens nach einem Otl-Log verlangt zu werden scheint, habe ich die einfach im Anhang hinzugefügt. Hier nochmals der Otl.txt: Code:
ATTFilter OTL logfile created on: 23.08.2013 22:25:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,03% Memory free 8,00 Gb Paging File | 6,16 Gb Available in Paging File | 77,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 69,73 Gb Free Space | 46,79% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 91,63 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Computer Name: MICHAEL-ARLT | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.08.23 22:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe PRC - [2013.07.02 23:37:08 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.02 23:37:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.07.02 23:36:58 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.02 23:36:58 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.30 12:03:00 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe PRC - [2009.03.20 03:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.08.17 16:43:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.07.14 12:27:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.02 23:37:08 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.02 23:37:00 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.07.02 23:36:58 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2013.02.15 15:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.26 22:57:00 | 003,822,544 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 03:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.27 19:34:49 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 19:34:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 19:34:49 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.26 16:47:21 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.09.26 16:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.23 14:33:32 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.12.23 14:33:29 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.08.21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.17 11:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.17 01:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.03.20 03:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2008.09.10 18:07:34 | 000,224,272 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.05.22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.02.20 17:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 17:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 17:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV - [2013.02.15 15:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 5A 06 B4 EF 2D CD 01 [binary data] IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..\SearchScopes,DefaultScope = {DB5617B3-A0E6-42C7-B861-C3C32587178A} IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..\SearchScopes\{DB5617B3-A0E6-42C7-B861-C3C32587178A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7cf33de7-0870-433a-ba43-ae1db251ce38&apn_sauid=5551ABC8-3E4E-4810-8C43-D8214C957211 IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.26.100015 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.08.17 16:43:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.17 16:43:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.08.17 16:43:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.17 16:43:42 | 000,000,000 | ---D | M] [2010.02.18 14:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2013.07.31 21:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\xjvxvrn6.default\extensions [2013.06.23 17:29:44 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\xjvxvrn6.default\extensions\toolbar@ask.com [2013.07.31 21:42:56 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\xjvxvrn6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.19 21:09:30 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\xjvxvrn6.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.08.23 16:16:51 | 000,002,413 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\xjvxvrn6.default\searchplugins\askcom.xml [2013.08.17 16:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.08.17 16:43:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000..\Run: [Akamai NetSession Interface] C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000..\Run: [wnooziiy] C:\Users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3898419253-953206828-1185156044-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DED8B9-B204-4323-9504-18536F3BD3DB}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\gopher - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0bf57a67-1bf3-11df-8e5c-00241dd8ef2b}\Shell - "" = AutoRun O33 - MountPoints2\{0bf57a67-1bf3-11df-8e5c-00241dd8ef2b}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{74d969a8-1be8-11df-84a2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{74d969a8-1be8-11df-84a2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.23 22:25:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2013.08.23 20:56:19 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Vyqojbne [2013.08.17 16:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.08.14 18:18:40 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.08.14 18:18:40 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.08.14 18:18:40 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.08.14 18:18:18 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.08.14 18:18:17 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.08.14 18:18:17 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.08.14 18:18:17 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.08.14 18:18:16 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.08.14 18:18:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.08.14 18:18:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.08.14 18:18:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.08.14 18:18:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.08.14 18:18:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.08.14 18:18:14 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013.08.14 18:18:13 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013.08.14 18:18:12 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013.08.14 18:18:07 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.08.14 18:18:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.08.14 18:18:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.08.14 18:18:07 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.08.14 18:18:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.08.14 18:18:06 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.08.14 18:18:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.08.05 12:30:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Kalypso Media [2013.08.05 11:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.08.05 11:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.08.05 11:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam ========== Files - Modified Within 30 Days ========== [2013.08.23 22:25:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2013.08.23 21:48:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.08.23 13:06:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.23 13:06:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.23 12:59:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.23 12:59:19 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.08.15 01:30:57 | 001,813,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.08.15 01:30:57 | 000,764,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.08.15 01:30:57 | 000,708,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.08.15 01:30:57 | 000,177,184 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.08.15 01:30:57 | 000,143,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.08.08 12:25:01 | 000,001,508 | ---- | M] () -- C:\Users\Michael\Documents\cc_20130808_122451.reg [2013.08.05 12:29:49 | 001,769,390 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.08.05 12:12:34 | 000,000,222 | ---- | M] () -- C:\Users\Michael\Desktop\DARK.url [2013.08.05 11:59:33 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.07.25 11:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL ========== Files Created - No Company Name ========== [2013.08.08 12:24:56 | 000,001,508 | ---- | C] () -- C:\Users\Michael\Documents\cc_20130808_122451.reg [2013.08.05 12:12:34 | 000,000,222 | ---- | C] () -- C:\Users\Michael\Desktop\DARK.url [2013.08.05 11:59:33 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.11.21 19:19:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.11.21 19:19:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.11.21 19:19:30 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.08.31 18:09:45 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{FEBDAC6C-790E-4D9D-9732-5938A7A6295E} [2011.06.29 19:39:38 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat [2011.06.10 13:15:37 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{A2D25284-5868-4A74-ACA4-B35AF68DC7AE} [2011.03.17 20:11:20 | 000,007,602 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg [2010.09.06 14:13:35 | 000,000,680 | RHS- | C] () -- C:\Users\Michael\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.07.16 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FOG Downloader [2012.04.25 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FUJIFILM [2013.08.05 12:31:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Kalypso Media [2013.06.02 16:37:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient [2010.05.17 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Magic Set Editor [2010.03.22 18:59:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2012.03.12 00:19:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mount&Blade [2012.06.14 17:55:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy [2012.06.14 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pdfforge [2010.05.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Stellarium [2013.08.05 11:54:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client [2013.08.23 20:56:19 | 000,000,000 | -H-D | M] -- C:\Users\Michael\AppData\Roaming\Vyqojbne ========== Purity Check ========== < End of report > Und Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 23.08.2013 22:25:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,03% Memory free
8,00 Gb Paging File | 6,16 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 69,73 Gb Free Space | 46,79% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 91,63 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-ARLT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E62DDB-B48B-4B1A-8F05-3D8754A0E0DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{096B45A3-7A97-4545-8BB7-979177CDC7D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A0A94F2-F3E8-4BF1-9DAB-3C7C7692D1E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1F10B915-8998-4E68-82A6-8353E66140D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21855EC9-BF5A-4843-B8B1-AEE22BD4A7C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23DD1818-B1BF-4D47-A6B8-B42635FFEE00}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{24FD4249-D0EB-4167-9E8A-2F409BFAC8BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A750BAA-0E7D-4E07-8133-A9A9B7019993}" = lport=138 | protocol=17 | dir=in | app=system |
"{379A6996-7B5E-479B-B404-9800F12A2287}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41076EF8-BA62-4CC9-B7C7-6D020CE8C031}" = lport=139 | protocol=6 | dir=in | app=system |
"{50A648FE-C7DE-4185-9BAE-D36C29886E29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FE612EA-B5F3-406A-BCE7-011CD0C94F91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60E497BB-6DAC-49D7-A4E5-FFF2DDF80D89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6108D351-3EA5-4D53-9616-2BB6FA238CB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67CFE214-57DA-4B17-BC74-0B2DB1F13FE7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{791EB3A8-52B0-449C-AE7C-64B25B37103A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89C81E5C-4D21-4E97-B6C4-76263CADF9C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AB7D6B5-B963-42B8-8979-7247D1CF7BFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94E92C95-833A-4FC0-A3B9-B5C441ECA567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F1763D8-C7DD-4AFF-9EFC-BAD5E6CD7412}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8BB3114-A5D2-467D-865D-072DD22436EC}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA882F5F-EE15-415C-906C-3E9A6046EC6C}" = lport=445 | protocol=6 | dir=in | app=system |
"{B75D5C42-4DAB-45AA-B7DF-1E7365E9ACE9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7B7F594-07D7-4DB9-A52E-7551FD702699}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C305C2A9-372E-4585-8486-374FF9213E59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF44F838-275C-4CB0-9FBA-B390920635AD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC1D3E9E-E931-430D-B172-454186AC3345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F28EAE88-55B6-4E06-BAEE-FE56318783BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F31E6860-4308-4C33-9905-AA8F6DB232E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F322B1B7-17D9-4A2F-B500-9CC0B82F00C9}" = rport=138 | protocol=17 | dir=out | app=system |
"{F87820C1-D94D-4624-831B-6C7EFE11C489}" = rport=137 | protocol=17 | dir=out | app=system |
"{FEBE8CC0-1A38-4EED-8CEC-67CB74AEE620}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06764615-E6DD-40D5-937D-15C061C798EB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{08558415-3204-4C8A-AA17-4EE35126BA5D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0E83B57F-C865-4F73-A2C1-C6FED43681AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0F27560A-20B1-47F8-9F06-2B2A64F55B19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark\darkapp.exe |
"{12D2C2D3-3F33-457B-8494-BB96ED720F12}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1489B026-DCA5-4C55-B640-1300F81727A7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14CA4CF6-CDC2-4C3C-BBE9-A423937D0D78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1CD4CC83-8328-4665-99B4-43B127E9A223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C830C65-38AA-4AAC-BFF0-024558F2B464}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3543458D-F971-4786-BFFD-5B5A1B667471}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36C272F9-849D-4718-B929-F18CAB2FDFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark\darkapp.exe |
"{410FEC6F-4309-4878-AE79-89263656E1BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6290A167-C407-4293-9498-0AE8AC47ED92}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{656185FC-8EF1-4E74-A0C5-615668840CFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B2D7E8A-6561-452C-94CF-0C87B850D69D}" = protocol=6 | dir=out | app=system |
"{70111C49-DF57-4FB6-A3CC-F48EF76397C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{822221D2-F326-4F0E-BA06-8BE9EA251469}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89F24DAA-4A8A-4D5B-A1EA-F4BE27B83DD2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8DE07592-C37E-417F-B698-3A95D04135D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9893249D-AC4B-4426-AFC5-8DDC0C62B640}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A099B77-082F-4E05-B111-3D6957BA76B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DBE27FE-93F7-4E9C-9C52-CDBABA51B681}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A332F3D1-9420-4260-92C5-3A70A25461E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A84ED948-9D98-4706-821B-43801D39550B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B7C41EAD-64ED-42B4-8DA5-DD0479CAD7CE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C7717C6F-C5FD-42B7-8C5A-7B4AAABF3C37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA5E52EB-8B7C-4E25-B604-85E629728F79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC001EC9-BD1B-4D6B-93DA-246574491107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD62BBCC-3618-49D4-A5FC-2A94C8B8ED5A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D466D21C-C3B3-430D-A0DE-26922022E63F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7CCD7B2-C617-47F9-9336-D37B2F3367DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBE4C3B7-62DA-4B42-ACC0-DC8DBE80AFCC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5E63872-25DE-4556-93D3-2B5B9882D147}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E81DDA60-AB3B-4DD6-B3F4-36AC0B65950D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2F04E89-49FA-4F7D-8F03-7C730D387886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F779FEA0-C971-4923-A160-36A51E2DE4C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FFD585BF-6E74-418E-93F5-CB2A6681D5DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{23130823-7A3F-4880-B5E4-1D0D118D998F}D:\witcher\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\witcher\the witcher 2\bin\witcher2.exe |
"TCP Query User{311B6C7F-8C2C-4C8D-9C38-7F3ED1CBEEBA}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5737888C-8C03-41DD-A8D9-856548F7D056}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"TCP Query User{751A8D8A-97AE-45F5-8F90-6C42A92D762B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{8702E487-94CF-4D5C-9784-AB6B7C100B56}D:\witcher\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\witcher\the witcher 2\bin\witcher2.exe |
"TCP Query User{929C54FD-EE92-415F-90C0-60A6136FD2DA}D:\anno\anno1701.exe" = protocol=6 | dir=in | app=d:\anno\anno1701.exe |
"TCP Query User{EC1234C5-06D7-49B1-90A0-BEA024088C5B}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{23C7EFB5-C92B-4925-AD2B-B8C572F13FE9}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{5C9FB28D-9A47-4A32-8C35-74A90DC787FB}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6BACB6E5-51FE-4C63-A468-3761C613D871}D:\witcher\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\witcher\the witcher 2\bin\witcher2.exe |
"UDP Query User{75622FA9-3D04-40B9-BA1F-8AF8DB2A041A}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8F108369-07F8-43B0-B0FC-E8B2C4AA177C}D:\witcher\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\witcher\the witcher 2\bin\witcher2.exe |
"UDP Query User{A69F236D-9D24-4077-AAD7-B59161AA2578}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{B6B501F8-C149-4C85-8FF0-4BD7E1E4C877}D:\anno\anno1701.exe" = protocol=17 | dir=in | app=d:\anno\anno1701.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B68D39D-C167-DA59-587A-5143B0FF3458}" = Catalyst Control Center InstallProxy
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD9D0827-A6D6-4E2C-B31E-23F01577E27B}" = BlueStacks Notification Center
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueStacks App Player" = BlueStacks App Player
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"G I - Die Welt der Verurteilten (mit neuen Texturen)" = G I - Die Welt der Verurteilten (mit neuen Texturen)
"Guild Wars 2" = Guild Wars 2
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.8 beta
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 225360" = DARK
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition Version 3.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3898419253-953206828-1185156044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.07.2012 11:44:26 | Computer Name = Michael-ARLT | Source = Windows Activation Technologies | ID = 14
Description = Fehler bei der Echtheitsprüfung: hr = 0x8007045A
Error - 29.07.2012 16:26:28 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 838 Startzeit: 01cd6dac985bde77 Endzeit: 28 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: a7394e48-d9bb-11e1-9426-001a4f488afb
Error - 02.08.2012 06:44:45 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b58 Startzeit:
01cd709a3b002752 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
0febb5a0-dc8f-11e1-9437-001a4f488afb
Error - 09.08.2012 13:33:30 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm Gothic2.exe, Version 2.6.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c28 Startzeit:
01cd763f726821aa Endzeit: 0 Anwendungspfad: D:\JoWooD\Gothic II\System\Gothic2.exe
Berichts-ID:
Error - 12.08.2012 11:04:18 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm update.exe, Version 11.11.14.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bc0 Startzeit:
01cd789bab83ec22 Endzeit: 9 Anwendungspfad: D:\Cabal\update.exe Berichts-ID: f8fd6796-e48e-11e1-b6ce-001a4f488afb
Error - 13.08.2012 09:33:23 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cd0 Startzeit:
01cd79478bf84e32 Endzeit: 44 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
699ebd9b-e54b-11e1-b6c1-001a4f488afb
Error - 15.08.2012 12:23:23 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm update.exe, Version 11.11.14.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 132c Startzeit:
01cd7b022f78d22f Endzeit: 3 Anwendungspfad: D:\Cabal\update.exe Berichts-ID: 83ef0a74-e6f5-11e1-ac3d-001a4f488afb
Error - 16.08.2012 08:59:41 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1254 Startzeit:
01cd7ba330739397 Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
34ea9496-e7a2-11e1-b722-001a4f488afb
Error - 26.08.2012 14:38:36 | Computer Name = Michael-ARLT | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 334 Startzeit:
01cd83b925567bb4 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
0c74afcf-efad-11e1-a5a3-001a4f488afb
Error - 06.09.2012 12:25:02 | Computer Name = Michael-ARLT | Source = VSS | ID = 8194
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
8285 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5935 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5660
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5622
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5376 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 23.08.2013 16:30:30 | Computer Name = Michael-ARLT | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5311 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ System Events ]
Error - 19.08.2013 05:56:17 | Computer Name = Michael-ARLT | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters
wurde ermittelt.
Error - 19.08.2013 06:13:36 | Computer Name = Michael-ARLT | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.27 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 20.08.2013 08:12:53 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 20.08.2013 10:44:08 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 20.08.2013 12:13:46 | Computer Name = Michael-ARLT | Source = bowser | ID = 8003
Description =
Error - 21.08.2013 05:39:57 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.08.2013 08:01:20 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.08.2013 12:08:55 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 23.08.2013 06:59:35 | Computer Name = Michael-ARLT | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 23.08.2013 07:35:26 | Computer Name = Michael-ARLT | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.27 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
Eine Frage off-topic: Wie erlangt man eigentlich die notwendigen Kompetenzen um bei solchen Fragen weiterhelfen zu können? |
|
23.08.2013, 22:03
| #2 | ||
| /// TB-Ausbilder   | Zahlungsaufforderung MS-Dos file geöffnet Hallo,
__________________Zitat:
Zitat:
Schritt 1 Scan mit Combofix
Schritt 2 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Bitte poste in deiner nächsten Antwort:
__________________ |
|
24.08.2013, 11:47
| #3 |
| | Zahlungsaufforderung MS-Dos file geöffnet Vielen Dank für die schnelle Antwort.
__________________Hier ist das Combofix-Log: Combofix meckerte tatsächlich uber Avira, obwohl dieses angezeigt hatte, dass es ausgeschaltet war. Code:
ATTFilter ComboFix 13-08-22.01 - Michael 24.08.2013 10:54:20.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.3391 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\hlpqf.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-24 bis 2013-08-24 ))))))))))))))))))))))))))))))
.
.
2013-08-24 08:58 . 2013-08-24 08:58 -------- d-----w- c:\users\Lernen\AppData\Local\temp
2013-08-24 08:58 . 2013-08-24 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-23 18:56 . 2013-08-23 18:56 -------- d--h--w- c:\users\Michael\AppData\Roaming\Vyqojbne
2013-08-05 10:30 . 2013-08-05 10:31 -------- d-----w- c:\users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 09:59 . 2013-08-05 14:59 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-08-05 09:59 . 2013-08-19 16:42 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 23:26 . 2010-02-19 16:07 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 10:27 . 2012-09-10 09:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 10:27 . 2011-05-26 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-14 16:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-02 21:37 . 2013-05-09 19:37 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-05 03:34 . 2013-07-10 14:24 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 14:15 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 14:15 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"wnooziiy"="c:\users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe" [2013-08-23 143516]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-02 345144]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 pjgzbimg;pjgzbimg;c:\windows\system32\drivers\pjgzbimg.sys;c:\windows\SYSNATIVE\drivers\pjgzbimg.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\DRIVERS\ISASerial.sys;c:\windows\SYSNATIVE\DRIVERS\ISASerial.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys;c:\windows\SYSNATIVE\DRIVERS\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciSPorts.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\DRIVERS\PPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PPorts.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\DRIVERS\SPorts.sys;c:\windows\SYSNATIVE\DRIVERS\SPorts.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Michael\AppData\Local\Temp\00176C5.tmp;c:\users\Michael\AppData\Local\Temp\00176C5.tmp [x]
R3 X6va002;X6va002;c:\users\Michael\AppData\Local\Temp\00223A9.tmp;c:\users\Michael\AppData\Local\Temp\00223A9.tmp [x]
R3 X6va003;X6va003;c:\users\Michael\AppData\Local\Temp\00367E9.tmp;c:\users\Michael\AppData\Local\Temp\00367E9.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-hlpqf - c:\users\Michael\AppData\Roaming\hlpqf.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00176C5.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00223A9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00367E9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3898419253-953206828-1185156044-1000\Software\SecuROM\License information*]
"datasecu"=hex:b6,e5,d1,b1,bd,ac,55,77,08,29,0e,6c,0b,42,a9,d3,83,3f,92,3b,81,
55,d9,53,22,2c,2b,ee,8a,f3,88,df,c3,21,0c,b4,f4,24,3d,10,2d,38,b9,5a,ac,09,\
"rkeysecu"=hex:9d,50,b6,f5,15,8b,55,67,0f,ec,88,0f,95,21,d1,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-24 11:01:09
ComboFix-quarantined-files.txt 2013-08-24 09:01
.
Vor Suchlauf: 9 Verzeichnis(se), 74.862.186.496 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 74.804.748.288 Bytes frei
.
- - End Of File - - C883BD71D9D6F8339F2B8E96439237B7
A36C5E4F47E84449FF07ED3517B43A31
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01
Ran by Michael (administrator) on 24-08-2013 12:29:45
Running from C:\Users\Michael\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [wnooziiy] - C:\Users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe [143516 2013-08-23] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKU\Lernen\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [x]
HKU\Lernen\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Lernen\...\Policies\system: [LogonHoursAction] 2
HKU\Lernen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {DB5617B3-A0E6-42C7-B861-C3C32587178A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7cf33de7-0870-433a-ba43-ae1db251ce38&apn_sauid=5551ABC8-3E4E-4810-8C43-D8214C957211
SearchScopes: HKCU - {DB5617B3-A0E6-42C7-B861-C3C32587178A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7cf33de7-0870-433a-ba43-ae1db251ce38&apn_sauid=5551ABC8-3E4E-4810-8C43-D8214C957211
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\Extensions\toolbar@ask.com
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3822544 2010-01-26] (INCA Internet Co., Ltd.)
==================== Drivers (Whitelisted) ====================
S3 ahcix64s; C:\Windows\system32\DRIVERS\ahcix64s.sys [224272 2008-09-10] (AMD Technologies Inc.)
S3 amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [10632 2007-10-12] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 ISASerial; C:\Windows\system32\DRIVERS\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-23] ()
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 nvamacpi; C:\Windows\system32\DRIVERS\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 PciIsaSerial; C:\Windows\system32\DRIVERS\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\DRIVERS\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\DRIVERS\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\DRIVERS\PPorts.sys [95744 2008-02-20] ()
S3 SPorts; C:\Windows\system32\DRIVERS\SPorts.sys [124416 2008-02-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NmPar; \SystemRoot\system32\DRIVERS\NmPar.sys [x]
S3 nmserial; \SystemRoot\system32\DRIVERS\nmserial.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 pjgzbimg; \??\C:\Windows\system32\drivers\pjgzbimg.sys [x]
S3 X6va001; \??\C:\Users\Michael\AppData\Local\Temp\00176C5.tmp [x]
S3 X6va002; \??\C:\Users\Michael\AppData\Local\Temp\00223A9.tmp [x]
S3 X6va003; \??\C:\Users\Michael\AppData\Local\Temp\00367E9.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-24 11:14 - 2013-08-24 11:14 - 00000552 _____ C:\Windows\PFRO.log
2013-08-24 11:01 - 2013-08-24 11:01 - 00016529 _____ C:\ComboFix.txt
2013-08-24 10:52 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 10:52 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 10:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 10:46 - 2013-08-24 11:01 - 00000000 ____D C:\Qoobox
2013-08-24 10:46 - 2013-08-24 10:59 - 00000000 ____D C:\Windows\erdnt
2013-08-24 10:40 - 2013-08-24 10:40 - 01576584 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-08-24 10:39 - 2013-08-24 10:34 - 05111180 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2013-08-23 22:25 - 2013-08-23 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ___HD C:\Users\Michael\AppData\Roaming\Vyqojbne
2013-08-17 16:43 - 2013-08-17 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 18:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:18 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:18 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:18 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-08 14:51 - 2013-08-08 14:51 - 00002974 _____ C:\Windows\System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1}
2013-08-08 12:24 - 2013-08-08 12:25 - 00001508 _____ C:\Users\Michael\Documents\cc_20130808_122451.reg
2013-08-05 12:30 - 2013-08-05 12:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 12:23 - 2013-08-05 12:24 - 00018549 _____ C:\Windows\DirectX.log
2013-08-05 12:12 - 2013-08-05 12:12 - 00000222 _____ C:\Users\Michael\Desktop\DARK.url
2013-08-05 11:59 - 2013-08-19 18:42 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-05 11:59 - 2013-08-05 11:59 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-01 17:42 - 2013-08-01 19:43 - 00000000 _____ C:\Windows\avmfwlanci1.log
==================== One Month Modified Files and Folders =======
2013-08-24 12:29 - 2013-08-24 12:29 - 00000000 ____D C:\FRST
2013-08-24 11:48 - 2012-09-10 11:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 11:26 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 11:26 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 11:24 - 2010-02-17 19:21 - 01963981 _____ C:\Windows\WindowsUpdate.log
2013-08-24 11:17 - 2013-05-11 22:30 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-08-24 11:14 - 2013-08-24 11:14 - 00000552 _____ C:\Windows\PFRO.log
2013-08-24 11:14 - 2013-07-16 13:03 - 00006048 _____ C:\Windows\setupact.log
2013-08-24 11:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 11:01 - 2013-08-24 11:01 - 00016529 _____ C:\ComboFix.txt
2013-08-24 11:01 - 2013-08-24 10:46 - 00000000 ____D C:\Qoobox
2013-08-24 10:59 - 2013-08-24 10:46 - 00000000 ____D C:\Windows\erdnt
2013-08-24 10:58 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-24 10:40 - 2013-08-24 10:40 - 01576584 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-08-24 10:34 - 2013-08-24 10:39 - 05111180 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2013-08-23 22:34 - 2013-07-16 14:02 - 00622906 _____ C:\Windows\avmfwlanci.log
2013-08-23 22:25 - 2013-08-23 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2013-08-23 21:07 - 2010-02-17 21:37 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ___HD C:\Users\Michael\AppData\Roaming\Vyqojbne
2013-08-23 19:13 - 2011-06-28 18:23 - 00000000 ____D C:\Users\Michael\AppData\Local\PMB Files
2013-08-23 19:13 - 2011-06-28 18:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-23 16:13 - 2013-07-24 19:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-08-21 11:48 - 2010-12-27 20:42 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2013-08-21 11:48 - 2010-12-27 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 18:42 - 2013-08-05 11:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-19 11:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 16:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 15:23 - 2012-05-04 15:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 16:43 - 2013-08-17 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 01:33 - 2010-02-22 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 01:30 - 2009-07-14 19:58 - 00764916 _____ C:\Windows\system32\perfh007.dat
2013-08-15 01:30 - 2009-07-14 19:58 - 00177184 _____ C:\Windows\system32\perfc007.dat
2013-08-15 01:30 - 2009-07-14 07:13 - 01813488 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 01:28 - 2013-07-16 00:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:26 - 2010-02-19 18:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-08 14:51 - 2013-08-08 14:51 - 00002974 _____ C:\Windows\System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1}
2013-08-08 12:25 - 2013-08-08 12:24 - 00001508 _____ C:\Users\Michael\Documents\cc_20130808_122451.reg
2013-08-05 12:31 - 2013-08-05 12:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 12:29 - 2011-06-29 19:38 - 01769390 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-05 12:24 - 2013-08-05 12:23 - 00018549 _____ C:\Windows\DirectX.log
2013-08-05 12:12 - 2013-08-05 12:12 - 00000222 _____ C:\Users\Michael\Desktop\DARK.url
2013-08-05 11:59 - 2013-08-05 11:59 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-05 11:59 - 2010-02-17 20:32 - 00000000 ____D C:\Users\Michael
2013-08-05 11:54 - 2011-09-08 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2013-08-01 19:43 - 2013-08-01 17:42 - 00000000 _____ C:\Windows\avmfwlanci1.log
2013-07-25 11:25 - 2013-08-14 18:18 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 18:18 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-23 14:04
==================== End Of Log ============================
--- --- --- --- --- --- Und Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013 01
Ran by Michael at 2013-08-24 12:30:49
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Age of Mythology - The Titans Expansion (x32)
Age of Mythology (x32)
Akamai NetSession Interface (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Anno 1701 (x32 Version: 1.02)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.26.0)
ATI Catalyst Registration (x32 Version: 3.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
AVM FRITZ!WLAN (x32)
BlueStacks App Player (x32 Version: 0.7.9.860)
BlueStacks Notification Center (x32 Version: 0.7.9.860)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
DARK (x32)
Der Herr der Ringe® - Die Eroberung™ (x32 Version: 1.0.0.1)
EA Download Manager (x32 Version: 4.0.0.455)
eaner (Version: 3.24)
Empire Earth (x32)
FUJIFILM FinePixViewer S Ver.2.1 (x32 Version: 2.1.0.3)
G I - Die Welt der Verurteilten (mit neuen Texturen) (x32 Version: 1.03)
Gothic (x32)
Gothic III (x32 Version: 1.00.0000)
Guild Wars 2 (x32)
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (x32 Version: 1)
League of Legends (x32 Version: 1.3)
Magic Set Editor 2 - 0.3.8 beta (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.2.3042.00)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
Pando Media Booster (x32 Version: 2.6.0.9)
PDFCreator (x32 Version: 1.4.0)
QuickTime (x32 Version: 7.71.80.42)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5897)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Risen (x32 Version: 1.00.0000)
Skype™ 6.6 (x32 Version: 6.6.106)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
The Witcher 2 Enhanced Edition Version 3.0 (x32 Version: 3.0)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.2.3042.00)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
==================== Restore Points =========================
23-08-2013 12:11:38 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-08-24 10:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2AB3384C-2FF0-4C23-9A5B-E0E34BD97FF6} - System32\Tasks\{9953C9CD-1874-463F-A968-E08AF85C2610} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {3ABBCDCE-901B-483A-95BF-5397425ACE5C} - System32\Tasks\{BC305D93-EC27-41F0-8FD3-86705E66B606} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {4E107A62-24D9-47E1-892D-EF15056A135F} - System32\Tasks\{A48759F9-9ACC-4FC4-B688-F2760FF4B6EE} => C:\Program Files (x86)\JoWooD\Gothic II\System\GothicStarter.exe No File
Task: {5603AE07-ADF7-42E5-9C7D-728A56DB60F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {5F185FF2-D865-40C4-96E5-32C967BF25B0} - System32\Tasks\{842C1161-A342-40DA-BF60-09E4CFFEB5CB} => C:\Program Files (x86)\JoWooD\Gothic II\UNWISE.EXE No File
Task: {60E00A76-1BB1-4B13-80DD-493F4C5B2073} - System32\Tasks\{49FF21F8-D68E-4E3D-A007-8B9823704EE2} => D:\PiranhaBytes\Gothic\system\GOTHIC.EXE [2006-01-12] (Piranha Bytes)
Task: {711A67AF-0106-4B63-A445-F8D92285FFC7} - System32\Tasks\{9C47BF3C-40AD-48E9-9ABE-B67BEDC8AA7F} => D:\PiranhaBytes\Gothic\system\GOTHIC.EXE [2006-01-12] (Piranha Bytes)
Task: {713FF649-0911-4668-9BA8-3AA620B571A0} - System32\Tasks\{70D1FED3-CA9B-4024-B861-E2C7E9239BB9} => D:\JoWooD\Gothic II\System\GothicStarter.exe [2007-06-05] (Piranha Bytes)
Task: {9C83A4B7-F7B8-456F-8E1D-55922E4EAFB6} - System32\Tasks\{FCF528E2-71A3-4EAB-8F30-9C1B91C276AB} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {A047194D-1560-42BC-B430-F6745483B67B} - System32\Tasks\{6A6985AE-C995-4C1C-8BF5-27C40BCEAABF} => D:\PiranhaBytes\Gothic II\System\Gothic2.exe No File
Task: {A0BBCC0D-31DC-4D09-8553-CF0C69A0A009} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {C6C5783A-3CF0-4CCE-8D03-2BD6A69EEC07} - System32\Tasks\{41666581-F4FE-47BB-BCD9-33AE90D09509} => C:\Users\Michael\Downloads\Velaya_1.1.exe [2011-08-31] (Schreiberling und Sektenspinner)
Task: {E0340227-DCEC-4649-AB56-7F5E7BEF880F} - System32\Tasks\{F9E3662C-8E8A-4521-AB7A-FAD0B84B64F2} => C:\Users\Michael\Downloads\Velaya_1.1.exe [2011-08-31] (Schreiberling und Sektenspinner)
Task: {E76D8F3B-138D-456F-A25B-374DBC7603EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EE60407B-18FF-4C54-933C-D57F2679820D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {F18C3195-8A6D-4029-8674-F3D7797AC01F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3898419253-953206828-1185156044-1001
Task: {F1F2EBFF-6E53-44B6-91A9-CCCC0E977BFE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3898419253-953206828-1185156044-1000
Task: {F4941D28-D47A-4773-BFA1-FCBB119C7E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {FA29B7EC-F404-4D46-8AFC-F8FA9CEF5CC2} - System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] ()
Task: {FA93BD71-235F-4D53-8668-6BFCFFE08FFF} - System32\Tasks\{A6361265-76A1-4030-8A62-94354B97447F} => C:\Program Files (x86)\JoWooD\Gothic III - Forsaken Gods\Gothic III - Götterdämmerung.exe No File
Task: {FB9A71BB-E1CD-4ED6-8104-E3D2FF8C89D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/24/2013 11:14:32 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/24/2013 10:52:40 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).
Error: (08/24/2013 10:52:40 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (08/24/2013 10:52:40 AM) (Source: VSS) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (08/23/2013 00:59:35 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/22/2013 06:08:55 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/22/2013 02:01:20 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/21/2013 11:39:57 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/20/2013 04:44:08 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/20/2013 02:12:53 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (08/24/2013 11:20:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (08/24/2013 11:14:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (08/24/2013 10:58:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/24/2013 10:58:32 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (08/24/2013 10:57:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/24/2013 10:52:40 AM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (08/24/2013 10:44:58 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
Error: (08/24/2013 10:44:58 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (08/24/2013 10:44:25 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error: (08/24/2013 10:44:24 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-24 10:58:32.314
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-24 10:58:32.190
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-21 13:16:04.326
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-21 13:16:04.311
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-20 19:15:48.236
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-20 19:15:48.220
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 4094.49 MB
Available physical RAM: 2379.84 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 6309.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.04 GB) (Free:69.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:91.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F69002AD)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
24.08.2013, 11:53
| #4 |
| | Zahlungsaufforderung MS-Dos file geöffnet Vielen Dank für die schnelle Antwort. Hier ist das Combofix-Log: Code:
ATTFilter ComboFix 13-08-22.01 - Michael 24.08.2013 10:54:20.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.3391 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\hlpqf.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-24 bis 2013-08-24 ))))))))))))))))))))))))))))))
.
.
2013-08-24 08:58 . 2013-08-24 08:58 -------- d-----w- c:\users\Lernen\AppData\Local\temp
2013-08-24 08:58 . 2013-08-24 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-23 18:56 . 2013-08-23 18:56 -------- d--h--w- c:\users\Michael\AppData\Roaming\Vyqojbne
2013-08-05 10:30 . 2013-08-05 10:31 -------- d-----w- c:\users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 09:59 . 2013-08-05 14:59 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-08-05 09:59 . 2013-08-19 16:42 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 23:26 . 2010-02-19 16:07 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 10:27 . 2012-09-10 09:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 10:27 . 2011-05-26 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-14 16:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-02 21:37 . 2013-05-09 19:37 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-05 03:34 . 2013-07-10 14:24 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 14:15 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 14:15 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"wnooziiy"="c:\users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe" [2013-08-23 143516]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-02 345144]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 pjgzbimg;pjgzbimg;c:\windows\system32\drivers\pjgzbimg.sys;c:\windows\SYSNATIVE\drivers\pjgzbimg.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\DRIVERS\ISASerial.sys;c:\windows\SYSNATIVE\DRIVERS\ISASerial.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys;c:\windows\SYSNATIVE\DRIVERS\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciSPorts.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\DRIVERS\PPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PPorts.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\DRIVERS\SPorts.sys;c:\windows\SYSNATIVE\DRIVERS\SPorts.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Michael\AppData\Local\Temp\00176C5.tmp;c:\users\Michael\AppData\Local\Temp\00176C5.tmp [x]
R3 X6va002;X6va002;c:\users\Michael\AppData\Local\Temp\00223A9.tmp;c:\users\Michael\AppData\Local\Temp\00223A9.tmp [x]
R3 X6va003;X6va003;c:\users\Michael\AppData\Local\Temp\00367E9.tmp;c:\users\Michael\AppData\Local\Temp\00367E9.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-hlpqf - c:\users\Michael\AppData\Roaming\hlpqf.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00176C5.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00223A9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00367E9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3898419253-953206828-1185156044-1000\Software\SecuROM\License information*]
"datasecu"=hex:b6,e5,d1,b1,bd,ac,55,77,08,29,0e,6c,0b,42,a9,d3,83,3f,92,3b,81,
55,d9,53,22,2c,2b,ee,8a,f3,88,df,c3,21,0c,b4,f4,24,3d,10,2d,38,b9,5a,ac,09,\
"rkeysecu"=hex:9d,50,b6,f5,15,8b,55,67,0f,ec,88,0f,95,21,d1,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-24 11:01:09
ComboFix-quarantined-files.txt 2013-08-24 09:01
.
Vor Suchlauf: 9 Verzeichnis(se), 74.862.186.496 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 74.804.748.288 Bytes frei
.
- - End Of File - - C883BD71D9D6F8339F2B8E96439237B7
A36C5E4F47E84449FF07ED3517B43A31
FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01
Ran by Michael (administrator) on 24-08-2013 12:29:45
Running from C:\Users\Michael\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [wnooziiy] - C:\Users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe [143516 2013-08-23] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-30] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKU\Lernen\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [x]
HKU\Lernen\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Lernen\...\Policies\system: [LogonHoursAction] 2
HKU\Lernen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {DB5617B3-A0E6-42C7-B861-C3C32587178A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7cf33de7-0870-433a-ba43-ae1db251ce38&apn_sauid=5551ABC8-3E4E-4810-8C43-D8214C957211
SearchScopes: HKCU - {DB5617B3-A0E6-42C7-B861-C3C32587178A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7cf33de7-0870-433a-ba43-ae1db251ce38&apn_sauid=5551ABC8-3E4E-4810-8C43-D8214C957211
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\Extensions\toolbar@ask.com
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-15] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-15] (BlueStack Systems, Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3822544 2010-01-26] (INCA Internet Co., Ltd.)
==================== Drivers (Whitelisted) ====================
S3 ahcix64s; C:\Windows\system32\DRIVERS\ahcix64s.sys [224272 2008-09-10] (AMD Technologies Inc.)
S3 amdide64; C:\Windows\system32\DRIVERS\amdide64.sys [10632 2007-10-12] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-15] (BlueStack Systems)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 ISASerial; C:\Windows\system32\DRIVERS\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-23] ()
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 nvamacpi; C:\Windows\system32\DRIVERS\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 PciIsaSerial; C:\Windows\system32\DRIVERS\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\DRIVERS\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\DRIVERS\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\DRIVERS\PPorts.sys [95744 2008-02-20] ()
S3 SPorts; C:\Windows\system32\DRIVERS\SPorts.sys [124416 2008-02-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NmPar; \SystemRoot\system32\DRIVERS\NmPar.sys [x]
S3 nmserial; \SystemRoot\system32\DRIVERS\nmserial.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 pjgzbimg; \??\C:\Windows\system32\drivers\pjgzbimg.sys [x]
S3 X6va001; \??\C:\Users\Michael\AppData\Local\Temp\00176C5.tmp [x]
S3 X6va002; \??\C:\Users\Michael\AppData\Local\Temp\00223A9.tmp [x]
S3 X6va003; \??\C:\Users\Michael\AppData\Local\Temp\00367E9.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-24 11:14 - 2013-08-24 11:14 - 00000552 _____ C:\Windows\PFRO.log
2013-08-24 11:01 - 2013-08-24 11:01 - 00016529 _____ C:\ComboFix.txt
2013-08-24 10:52 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 10:52 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 10:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 10:52 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 10:46 - 2013-08-24 11:01 - 00000000 ____D C:\Qoobox
2013-08-24 10:46 - 2013-08-24 10:59 - 00000000 ____D C:\Windows\erdnt
2013-08-24 10:40 - 2013-08-24 10:40 - 01576584 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-08-24 10:39 - 2013-08-24 10:34 - 05111180 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2013-08-23 22:25 - 2013-08-23 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ___HD C:\Users\Michael\AppData\Roaming\Vyqojbne
2013-08-17 16:43 - 2013-08-17 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-14 18:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:18 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 18:18 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 18:18 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:18 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:18 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:18 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:18 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:18 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:18 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:18 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:18 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:18 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:18 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:18 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:18 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:18 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-08 14:51 - 2013-08-08 14:51 - 00002974 _____ C:\Windows\System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1}
2013-08-08 12:24 - 2013-08-08 12:25 - 00001508 _____ C:\Users\Michael\Documents\cc_20130808_122451.reg
2013-08-05 12:30 - 2013-08-05 12:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 12:23 - 2013-08-05 12:24 - 00018549 _____ C:\Windows\DirectX.log
2013-08-05 12:12 - 2013-08-05 12:12 - 00000222 _____ C:\Users\Michael\Desktop\DARK.url
2013-08-05 11:59 - 2013-08-19 18:42 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-05 11:59 - 2013-08-05 11:59 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-01 17:42 - 2013-08-01 19:43 - 00000000 _____ C:\Windows\avmfwlanci1.log
==================== One Month Modified Files and Folders =======
2013-08-24 12:29 - 2013-08-24 12:29 - 00000000 ____D C:\FRST
2013-08-24 11:48 - 2012-09-10 11:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 11:26 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 11:26 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 11:24 - 2010-02-17 19:21 - 01963981 _____ C:\Windows\WindowsUpdate.log
2013-08-24 11:17 - 2013-05-11 22:30 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-08-24 11:14 - 2013-08-24 11:14 - 00000552 _____ C:\Windows\PFRO.log
2013-08-24 11:14 - 2013-07-16 13:03 - 00006048 _____ C:\Windows\setupact.log
2013-08-24 11:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 11:01 - 2013-08-24 11:01 - 00016529 _____ C:\ComboFix.txt
2013-08-24 11:01 - 2013-08-24 10:46 - 00000000 ____D C:\Qoobox
2013-08-24 10:59 - 2013-08-24 10:46 - 00000000 ____D C:\Windows\erdnt
2013-08-24 10:58 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-24 10:40 - 2013-08-24 10:40 - 01576584 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-08-24 10:34 - 2013-08-24 10:39 - 05111180 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2013-08-23 22:34 - 2013-07-16 14:02 - 00622906 _____ C:\Windows\avmfwlanci.log
2013-08-23 22:25 - 2013-08-23 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Michael\Desktop\OTL.exe
2013-08-23 21:07 - 2010-02-17 21:37 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-23 20:56 - 2013-08-23 20:56 - 00000000 ___HD C:\Users\Michael\AppData\Roaming\Vyqojbne
2013-08-23 19:13 - 2011-06-28 18:23 - 00000000 ____D C:\Users\Michael\AppData\Local\PMB Files
2013-08-23 19:13 - 2011-06-28 18:23 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-23 16:13 - 2013-07-24 19:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-08-21 11:48 - 2010-12-27 20:42 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2013-08-21 11:48 - 2010-12-27 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 18:42 - 2013-08-05 11:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-19 11:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 16:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 15:23 - 2012-05-04 15:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 16:43 - 2013-08-17 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 01:33 - 2010-02-22 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 01:30 - 2009-07-14 19:58 - 00764916 _____ C:\Windows\system32\perfh007.dat
2013-08-15 01:30 - 2009-07-14 19:58 - 00177184 _____ C:\Windows\system32\perfc007.dat
2013-08-15 01:30 - 2009-07-14 07:13 - 01813488 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 01:28 - 2013-07-16 00:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:26 - 2010-02-19 18:07 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-08 14:51 - 2013-08-08 14:51 - 00002974 _____ C:\Windows\System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1}
2013-08-08 12:25 - 2013-08-08 12:24 - 00001508 _____ C:\Users\Michael\Documents\cc_20130808_122451.reg
2013-08-05 12:31 - 2013-08-05 12:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 12:29 - 2011-06-29 19:38 - 01769390 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-05 12:24 - 2013-08-05 12:23 - 00018549 _____ C:\Windows\DirectX.log
2013-08-05 12:12 - 2013-08-05 12:12 - 00000222 _____ C:\Users\Michael\Desktop\DARK.url
2013-08-05 11:59 - 2013-08-05 11:59 - 00000917 _____ C:\Users\Public\Desktop\Steam.lnk
2013-08-05 11:59 - 2010-02-17 20:32 - 00000000 ____D C:\Users\Michael
2013-08-05 11:54 - 2011-09-08 21:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2013-08-01 19:43 - 2013-08-01 17:42 - 00000000 _____ C:\Windows\avmfwlanci1.log
2013-07-25 11:25 - 2013-08-14 18:18 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 18:18 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-23 14:04
==================== End Of Log ============================
Und Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013 01
Ran by Michael at 2013-08-24 12:30:49
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Age of Mythology - The Titans Expansion (x32)
Age of Mythology (x32)
Akamai NetSession Interface (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Anno 1701 (x32 Version: 1.02)
Apple Application Support (x32 Version: 2.1.5)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.26.0)
ATI Catalyst Registration (x32 Version: 3.00.0000)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
AVM FRITZ!WLAN (x32)
BlueStacks App Player (x32 Version: 0.7.9.860)
BlueStacks Notification Center (x32 Version: 0.7.9.860)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2009.0925.1707.28889)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
DARK (x32)
Der Herr der Ringe® - Die Eroberung™ (x32 Version: 1.0.0.1)
EA Download Manager (x32 Version: 4.0.0.455)
eaner (Version: 3.24)
Empire Earth (x32)
FUJIFILM FinePixViewer S Ver.2.1 (x32 Version: 2.1.0.3)
G I - Die Welt der Verurteilten (mit neuen Texturen) (x32 Version: 1.03)
Gothic (x32)
Gothic III (x32 Version: 1.00.0000)
Guild Wars 2 (x32)
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (x32 Version: 1)
League of Legends (x32 Version: 1.3)
Magic Set Editor 2 - 0.3.8 beta (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.2.3042.00)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
Pando Media Booster (x32 Version: 2.6.0.9)
PDFCreator (x32 Version: 1.4.0)
QuickTime (x32 Version: 7.71.80.42)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5897)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Risen (x32 Version: 1.00.0000)
Skype™ 6.6 (x32 Version: 6.6.106)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
The Witcher 2 Enhanced Edition Version 3.0 (x32 Version: 3.0)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.2.3042.00)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
==================== Restore Points =========================
23-08-2013 12:11:38 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-08-24 10:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2AB3384C-2FF0-4C23-9A5B-E0E34BD97FF6} - System32\Tasks\{9953C9CD-1874-463F-A968-E08AF85C2610} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {3ABBCDCE-901B-483A-95BF-5397425ACE5C} - System32\Tasks\{BC305D93-EC27-41F0-8FD3-86705E66B606} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {4E107A62-24D9-47E1-892D-EF15056A135F} - System32\Tasks\{A48759F9-9ACC-4FC4-B688-F2760FF4B6EE} => C:\Program Files (x86)\JoWooD\Gothic II\System\GothicStarter.exe No File
Task: {5603AE07-ADF7-42E5-9C7D-728A56DB60F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {5F185FF2-D865-40C4-96E5-32C967BF25B0} - System32\Tasks\{842C1161-A342-40DA-BF60-09E4CFFEB5CB} => C:\Program Files (x86)\JoWooD\Gothic II\UNWISE.EXE No File
Task: {60E00A76-1BB1-4B13-80DD-493F4C5B2073} - System32\Tasks\{49FF21F8-D68E-4E3D-A007-8B9823704EE2} => D:\PiranhaBytes\Gothic\system\GOTHIC.EXE [2006-01-12] (Piranha Bytes)
Task: {711A67AF-0106-4B63-A445-F8D92285FFC7} - System32\Tasks\{9C47BF3C-40AD-48E9-9ABE-B67BEDC8AA7F} => D:\PiranhaBytes\Gothic\system\GOTHIC.EXE [2006-01-12] (Piranha Bytes)
Task: {713FF649-0911-4668-9BA8-3AA620B571A0} - System32\Tasks\{70D1FED3-CA9B-4024-B861-E2C7E9239BB9} => D:\JoWooD\Gothic II\System\GothicStarter.exe [2007-06-05] (Piranha Bytes)
Task: {9C83A4B7-F7B8-456F-8E1D-55922E4EAFB6} - System32\Tasks\{FCF528E2-71A3-4EAB-8F30-9C1B91C276AB} => C:\Program Files (x86)\Gothic III\gothic3.exe No File
Task: {A047194D-1560-42BC-B430-F6745483B67B} - System32\Tasks\{6A6985AE-C995-4C1C-8BF5-27C40BCEAABF} => D:\PiranhaBytes\Gothic II\System\Gothic2.exe No File
Task: {A0BBCC0D-31DC-4D09-8553-CF0C69A0A009} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {C6C5783A-3CF0-4CCE-8D03-2BD6A69EEC07} - System32\Tasks\{41666581-F4FE-47BB-BCD9-33AE90D09509} => C:\Users\Michael\Downloads\Velaya_1.1.exe [2011-08-31] (Schreiberling und Sektenspinner)
Task: {E0340227-DCEC-4649-AB56-7F5E7BEF880F} - System32\Tasks\{F9E3662C-8E8A-4521-AB7A-FAD0B84B64F2} => C:\Users\Michael\Downloads\Velaya_1.1.exe [2011-08-31] (Schreiberling und Sektenspinner)
Task: {E76D8F3B-138D-456F-A25B-374DBC7603EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {EE60407B-18FF-4C54-933C-D57F2679820D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] ()
Task: {F18C3195-8A6D-4029-8674-F3D7797AC01F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3898419253-953206828-1185156044-1001
Task: {F1F2EBFF-6E53-44B6-91A9-CCCC0E977BFE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3898419253-953206828-1185156044-1000
Task: {F4941D28-D47A-4773-BFA1-FCBB119C7E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {FA29B7EC-F404-4D46-8AFC-F8FA9CEF5CC2} - System32\Tasks\{6284E296-FC04-40F0-91DF-FE2443C3E7A1} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-04-24] ()
Task: {FA93BD71-235F-4D53-8668-6BFCFFE08FFF} - System32\Tasks\{A6361265-76A1-4030-8A62-94354B97447F} => C:\Program Files (x86)\JoWooD\Gothic III - Forsaken Gods\Gothic III - Götterdämmerung.exe No File
Task: {FB9A71BB-E1CD-4ED6-8104-E3D2FF8C89D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/24/2013 11:14:32 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/24/2013 10:52:40 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).
Error: (08/24/2013 10:52:40 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (08/24/2013 10:52:40 AM) (Source: VSS) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (08/23/2013 00:59:35 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/22/2013 06:08:55 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/22/2013 02:01:20 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/21/2013 11:39:57 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/20/2013 04:44:08 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (08/20/2013 02:12:53 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (08/24/2013 11:20:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (08/24/2013 11:14:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (08/24/2013 10:58:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/24/2013 10:58:32 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (08/24/2013 10:57:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/24/2013 10:52:40 AM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (08/24/2013 10:44:58 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
Error: (08/24/2013 10:44:58 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (08/24/2013 10:44:25 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error: (08/24/2013 10:44:24 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-24 10:58:32.314
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-24 10:58:32.190
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-21 13:16:04.326
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-21 13:16:04.311
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-20 19:15:48.236
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-02-20 19:15:48.220
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Gameforge4D\CABAL Online\GameGuard\dump_wmimmc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 4094.49 MB
Available physical RAM: 2379.84 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 6309.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.04 GB) (Free:69.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.05 GB) (Free:91.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F69002AD)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
24.08.2013, 11:58
| #5 |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnet Da ist immer noch was: Combofix-Skript
__________________ cheers, Leo |
|
24.08.2013, 12:26
| #6 |
| | Zahlungsaufforderung MS-Dos file geöffnet So, hier ist der neue combofix-Log: Code:
ATTFilter ComboFix 13-08-22.01 - Michael 24.08.2013 13:17:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2799 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Michael\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\Vyqojbne
c:\users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-24 bis 2013-08-24 ))))))))))))))))))))))))))))))
.
.
2013-08-24 11:21 . 2013-08-24 11:21 -------- d-----w- c:\users\Lernen\AppData\Local\temp
2013-08-24 11:21 . 2013-08-24 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-24 10:29 . 2013-08-24 10:29 -------- d-----w- C:\FRST
2013-08-05 10:30 . 2013-08-05 10:31 -------- d-----w- c:\users\Michael\AppData\Roaming\Kalypso Media
2013-08-05 09:59 . 2013-08-05 14:59 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-08-05 09:59 . 2013-08-19 16:42 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 23:26 . 2010-02-19 16:07 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-14 10:27 . 2012-09-10 09:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 10:27 . 2011-05-26 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-14 16:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-02 21:37 . 2013-05-09 19:37 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-05 03:34 . 2013-07-10 14:24 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 14:15 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 14:15 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-02 345144]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R1 pjgzbimg;pjgzbimg;c:\windows\system32\drivers\pjgzbimg.sys;c:\windows\SYSNATIVE\drivers\pjgzbimg.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\DRIVERS\ISASerial.sys;c:\windows\SYSNATIVE\DRIVERS\ISASerial.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys;c:\windows\SYSNATIVE\DRIVERS\NVAMACPI.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys;c:\windows\SYSNATIVE\DRIVERS\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PciSPorts.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\DRIVERS\PPorts.sys;c:\windows\SYSNATIVE\DRIVERS\PPorts.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\DRIVERS\SPorts.sys;c:\windows\SYSNATIVE\DRIVERS\SPorts.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Michael\AppData\Local\Temp\00176C5.tmp;c:\users\Michael\AppData\Local\Temp\00176C5.tmp [x]
R3 X6va002;X6va002;c:\users\Michael\AppData\Local\Temp\00223A9.tmp;c:\users\Michael\AppData\Local\Temp\00223A9.tmp [x]
R3 X6va003;X6va003;c:\users\Michael\AppData\Local\Temp\00367E9.tmp;c:\users\Michael\AppData\Local\Temp\00367E9.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xjvxvrn6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-wnooziiy - c:\users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00176C5.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00223A9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00367E9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3898419253-953206828-1185156044-1000\Software\SecuROM\License information*]
"datasecu"=hex:b6,e5,d1,b1,bd,ac,55,77,08,29,0e,6c,0b,42,a9,d3,83,3f,92,3b,81,
55,d9,53,22,2c,2b,ee,8a,f3,88,df,c3,21,0c,b4,f4,24,3d,10,2d,38,b9,5a,ac,09,\
"rkeysecu"=hex:9d,50,b6,f5,15,8b,55,67,0f,ec,88,0f,95,21,d1,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-24 13:22:41
ComboFix-quarantined-files.txt 2013-08-24 11:22
ComboFix2.txt 2013-08-24 09:01
.
Vor Suchlauf: 14 Verzeichnis(se), 74.319.159.296 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 81.111.298.048 Bytes frei
.
- - End Of File - - 165A4F098EAD5969CAC7D1DC0E4ABDF6
A36C5E4F47E84449FF07ED3517B43A31
|
|
24.08.2013, 12:39
| #7 |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnet So, noch eine Kontrolle. Wie läuft der Rechner? Schritt 1 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2 ESET Online Scanner
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
24.08.2013, 14:41
| #8 |
| | Zahlungsaufforderung MS-Dos file geöffnet Der PC läuft so gut wie immer. Das Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.24.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Michael :: MICHAEL-ARLT [Administrator] 24.08.2013 14:01:19 mbam-log-2013-08-24 (14-01-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252401 Laufzeit: 4 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Michael\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\OpenCandy\C523EBEF497543E48DAB503F5FB8349A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\Michael\AppData\Roaming\OpenCandy\C523EBEF497543E48DAB503F5FB8349A\2877.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michael\AppData\Roaming\OpenCandy\C523EBEF497543E48DAB503F5FB8349A\AVG923_p1v3.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und das Log von ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5dbef69036967544a9ff8821ad57cb96
# engine=14887
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-24 01:37:31
# local_time=2013-08-24 03:37:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17688 242774741 55030 0
# compatibility_mode=5893 16776574 100 94 3794931 128981301 0 0
# scanned=220066
# found=1
# cleaned=0
# scan_time=3946
sh=E75B07ECDA90D4BBAA93886C4446910AA37258C4 ft=1 fh=a76c37e7987f6fab vn="Win32/Trustezeb.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Vyqojbne\eyfxziiy.exe.vir"
|
|
24.08.2013, 14:47
| #9 | |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnetZitat:
 Sieht sonst gut aus - wir räumen auf. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
24.08.2013, 14:51
| #10 |
| | Zahlungsaufforderung MS-Dos file geöffnet Ich bin verwirrt, der ESET-Scanner hat ja schließlich etwas gefunden, das er nicht gelöscht hat. Ist dieser Fund harmlos?? |
|
24.08.2013, 14:59
| #11 |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnet Der Fund von ESET ist nur etwas, das wir bereits mit Combofix gelöscht haben. Wie du am Pfad siehst, liegt er in der Quarantäne von Combofix. Und diese Quarantäne wird mit den Aufräumschritten entfernt.
__________________ cheers, Leo |
|
24.08.2013, 15:02
| #12 |
| | Zahlungsaufforderung MS-Dos file geöffnet Ah, Gut. Vielen Dank für die gute und vor allem schnelle Hilfe. Vie Spaß und Erfolg beim weiteren Vorgehen |
|
24.08.2013, 15:03
| #13 |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnet Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
06.09.2013, 09:14
| #14 |
| | Zahlungsaufforderung MS-Dos file geöffnet Hier sind die Logs vom anderen PC: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Michael (administrator) on MOBIL on 06-09-2013 09:48:05
Running from C:\Users\Michael\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\System32\lpksetup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\windows\system32\lpksetup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe
(Microsoft Corporation) C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL =
SearchScopes: HKCU - {F22A7827-AE74-4018-A6E6-C8E060B517E4} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\buhogspe.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\buhogspe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-03] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-06 09:38 - 2013-09-06 09:38 - 01948360 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-09-06 08:38 - 2013-09-06 08:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-06 08:37 - 2013-09-06 08:37 - 00001141 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-06 08:37 - 2013-09-06 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 08:36 - 2013-09-06 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-06 08:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-06 07:18 - 2013-09-06 07:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 13:10 - 2013-08-24 13:10 - 05111180 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2013-08-24 12:41 - 2013-08-24 12:41 - 00001020 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2013-08-24 10:36 - 2013-08-24 10:39 - 00000000 ____D C:\windows\system32\MRT
2013-08-24 10:22 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-24 10:22 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-24 10:22 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-24 10:21 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-24 10:21 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-24 10:21 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-08-24 10:21 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-08-24 10:21 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-24 10:21 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-24 10:21 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-24 10:21 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-24 10:21 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-24 10:21 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-24 10:21 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-08-24 10:21 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-24 10:21 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-24 10:21 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-24 10:21 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-24 10:21 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-24 10:21 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-24 10:21 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-24 10:21 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-08-24 10:21 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-08-24 10:21 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-08-24 10:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-24 10:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-24 10:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-24 10:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-24 10:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-24 10:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-24 10:20 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-24 10:20 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-24 10:20 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-24 10:20 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-08-24 10:20 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-08-24 10:20 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-24 10:20 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-24 10:20 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-08-24 10:20 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-08-24 10:11 - 2013-08-24 10:11 - 17737608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified Files and Folders =======
2013-09-06 09:47 - 2013-09-06 09:47 - 00000000 ____D C:\FRST
2013-09-06 09:47 - 2013-07-04 10:14 - 00000000 ___RD C:\Users\Michael\Dropbox
2013-09-06 09:47 - 2013-07-04 10:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2013-09-06 09:47 - 2013-04-03 21:37 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-09-06 09:46 - 2013-05-28 08:40 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 09:45 - 2013-04-03 21:36 - 00000000 ____D C:\Users\Michael
2013-09-06 09:45 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-06 09:42 - 2013-06-27 08:32 - 00000000 ____D C:\Users\Michael\AppData\Local\TSVNCache
2013-09-06 09:38 - 2013-09-06 09:38 - 01948360 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2013-09-06 09:17 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-09-06 09:13 - 2013-05-28 08:40 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 09:13 - 2013-04-06 17:22 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 09:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-09-06 08:50 - 2012-10-31 10:05 - 00000000 ____D C:\ProgramData\WinClon
2013-09-06 08:38 - 2013-09-06 08:38 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-06 08:37 - 2013-09-06 08:37 - 00001141 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-06 08:37 - 2013-09-06 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-06 08:37 - 2013-09-06 08:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-06 08:32 - 2012-10-31 10:14 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-09-06 07:19 - 2013-09-06 07:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-06 07:17 - 2013-04-03 21:43 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1356929320-3396543483-3823885642-1001
2013-09-06 07:14 - 2013-05-06 10:08 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-06 07:14 - 2013-04-03 21:54 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-06 07:14 - 2013-04-03 21:54 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-24 13:10 - 2013-08-24 13:10 - 05111180 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2013-08-24 12:41 - 2013-08-24 12:41 - 00001020 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2013-08-24 12:41 - 2013-07-04 10:12 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-24 12:41 - 2013-04-03 21:37 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-24 12:41 - 2012-11-01 01:08 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-08-24 12:41 - 2012-11-01 01:08 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-08-24 12:41 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-24 11:18 - 2012-10-31 08:57 - 01221913 _____ C:\windows\WindowsUpdate.log
2013-08-24 11:18 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-24 11:18 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-24 10:43 - 2013-04-04 16:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-24 10:39 - 2013-08-24 10:36 - 00000000 ____D C:\windows\system32\MRT
2013-08-24 10:36 - 2013-04-14 11:44 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-24 10:23 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-24 10:11 - 2013-08-24 10:11 - 17737608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-24 10:11 - 2013-04-06 17:22 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-24 10:06 - 2013-05-28 08:41 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-06 08:53
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013 Ran by Michael at 2013-09-06 09:49:18 Running from C:\Users\Michael\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) AMD Accelerated Video Transcoding (Version: 12.5.100.20912) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Catalyst Install Manager (Version: 8.0.881.0) AMD Quick Stream (Version: 3.3.26.0) AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839) Avira Free Antivirus (x32 Version: 13.0.0.4052) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839) Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839) CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839) CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839) CCC Help Czech (x32 Version: 2012.0912.1708.28839) CCC Help Danish (x32 Version: 2012.0912.1708.28839) CCC Help Dutch (x32 Version: 2012.0912.1708.28839) CCC Help English (x32 Version: 2012.0912.1708.28839) CCC Help Finnish (x32 Version: 2012.0912.1708.28839) CCC Help French (x32 Version: 2012.0912.1708.28839) CCC Help German (x32 Version: 2012.0912.1708.28839) CCC Help Greek (x32 Version: 2012.0912.1708.28839) CCC Help Hungarian (x32 Version: 2012.0912.1708.28839) CCC Help Italian (x32 Version: 2012.0912.1708.28839) CCC Help Japanese (x32 Version: 2012.0912.1708.28839) CCC Help Korean (x32 Version: 2012.0912.1708.28839) CCC Help Norwegian (x32 Version: 2012.0912.1708.28839) CCC Help Polish (x32 Version: 2012.0912.1708.28839) CCC Help Portuguese (x32 Version: 2012.0912.1708.28839) CCC Help Russian (x32 Version: 2012.0912.1708.28839) CCC Help Spanish (x32 Version: 2012.0912.1708.28839) CCC Help Swedish (x32 Version: 2012.0912.1708.28839) CCC Help Thai (x32 Version: 2012.0912.1708.28839) CCC Help Turkish (x32 Version: 2012.0912.1708.28839) ccc-utility64 (Version: 2012.0912.1709.28839) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02) D3DX10 (x32 Version: 15.4.2368.0902) dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735) Dropbox (HKCU Version: 2.2.13) Easy File Share (x32 Version: 1.3.4) E-POP (x32 Version: 1.0.1) Fotogalerie (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Google Chrome (x32 Version: 29.0.1547.57) Google Update Helper (x32 Version: 1.3.21.153) Guild Wars 2 (x32) Help Desk (Version: 1.0.6) Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (x32 Version: 1) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft Help Viewer 1.1 (Version: 1.1.40219) Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9) Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.40219) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Movie Maker (x32 Version: 16.4.3503.0728) Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) Plants vs. Zombies (x32) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210) Qualcomm Atheros Client Installation Program (x32 Version: 10.0) R for Windows 2.15.2 (Version: 2.15.2) Raccolta foto (x32 Version: 16.4.3503.0728) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030) Recovery (x32 Version: 6.0.7.2) RExcel 3.2.9 Noncommercial (x32) S Agent (Version: 1.0.8) Settings (x32 Version: 2.0.0) statconnDCOM 3.5-1B2 Noncommercial (x32) Support Center (Version: 2.0.13) Support Center FAQ (x32 Version: 1.0.5) SW Update (x32 Version: 2.0.24) SWord 1.0-1B1 Noncommercial (x32) Synaptics Pointing Device Driver (Version: 16.2.14.2) TortoiseSVN 1.8.0.24401 (64 bit) (Version: 1.8.24401) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Access 2007 Help (KB963663) (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office Infopath 2007 Help (KB963662) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Help (KB963677) (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Publisher 2007 Help (KB963667) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) User Guide (x32 Version: 1.3.00) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0) Windows Live (x32 Version: 16.4.3503.0728) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Xerox PhotoCafe (x32 Version: 1.0.0.6162) ==================== Restore Points ========================= 24-08-2013 08:26:15 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05100A05-0B30-43BC-9EBD-F199256ABFEE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {0C6CB7D9-36A9-4895-BE56-B8A0F6A5A214} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {19D7C7B0-E63D-460F-8C47-EB41918A7C15} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1356929320-3396543483-3823885642-1001 Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {249AB0A2-FC69-4FCF-B256-157C5A8C0FD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2D1ADA8F-8AB4-48F9-92E2-A3E4AA63EF5B} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {30CB6FCA-1384-4BF3-826D-382E9AA9264D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4AF2D56A-05F2-41ED-88E5-706C4A90D7CC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {76DDDCE4-2B1B-4969-9426-8FEC78CB7725} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-24] (Adobe Systems Incorporated) Task: {79169A24-D3C3-4054-AF22-E3F613D3CF7F} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {7FFA3AC8-B2CB-4852-B1F0-110AB795EC1D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated) Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {A7578305-738A-48A3-ADB4-B7748B6DE4E9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB2F1962-1395-44A3-8C83-DC0875558137} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.) Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {AFC6F13C-C1CA-443D-A068-0F094CEC5BB3} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C14F95A5-1A7C-4EF0-AFC6-16F1EED7B4EF} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.) Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C1EA552C-65B2-421B-9173-329ED98B8F3A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC) Task: {C3CBB9DB-917B-4416-9E91-7F2BC093012A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E654BCF0-BC62-4B42-8D55-BA45F41A35CD} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {E76650FA-03BD-4F9A-AFFA-2B64FA9D4678} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {FE2BFE9F-38DD-43CB-86E0-3C34CC2F274F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-16 13:01 - 2012-10-16 13:01 - 01046840 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2012-10-16 13:01 - 2012-10-16 13:01 - 00229176 _____ (Synaptics Incorporated) C:\windows\SYSTEM32\SynTPAPI.dll 2013-07-04 11:34 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll 2012-07-26 01:33 - 2012-07-26 05:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll 2012-07-26 02:04 - 2012-07-26 05:07 - 00046592 _____ (Microsoft Corporation) C:\windows\SYSTEM32\windows.globalization.fontgroups.dll 2013-04-05 13:12 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll 2011-06-13 10:20 - 2011-06-13 10:20 - 00075544 _____ (hxxp://tortoisesvn.net) C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00494320 _____ (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 04600560 _____ (hxxp://subversion.apache.org/) C:\Program Files\TortoiseSVN\bin\libsvn_tsvn.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00173296 _____ (Apache Software Foundation) C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00056048 _____ (Free Software Foundation) C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00271088 _____ (Apache Software Foundation) C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll 2013-06-17 20:27 - 2013-06-17 20:27 - 02133744 _____ (Idol Software) C:\Program Files\TortoiseSVN\bin\crshhndl.dll 2013-06-22 01:34 - 2013-06-22 01:34 - 00164016 _____ (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll 2013-04-14 12:45 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll 2012-10-31 09:53 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll 2012-10-31 09:53 - 2012-07-16 08:16 - 03643024 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll 2012-09-05 09:50 - 2012-09-05 09:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 09:50 - 2012-09-05 09:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Michael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Michael\AppData\Roaming\Dropbox\bin\icudt.dll 2012-10-31 10:11 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-04-03 21:54 - 2013-09-06 07:14 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll 2013-04-03 21:54 - 2013-09-06 07:14 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll 2013-09-06 07:16 - 2013-09-06 07:14 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2013 09:47:49 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (09/06/2013 09:35:49 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x9d4 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (09/06/2013 09:07:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error: (09/06/2013 09:00:11 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error: (09/06/2013 08:50:47 AM) (Source: System Restore) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101). Error: (09/06/2013 08:50:46 AM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101). Error: (09/06/2013 07:13:01 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x968 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (08/24/2013 00:38:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x9f8 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (08/24/2013 09:41:08 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x618 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (07/26/2013 10:44:58 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x824 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 System errors: ============= Error: (09/06/2013 09:45:57 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a65\??\C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat Error: (09/06/2013 09:45:32 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 06.09.2013 um 09:41:34 unerwartet heruntergefahren. Error: (09/06/2013 08:52:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 1053TrustedInstallerNicht verfügbar{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (09/06/2013 08:51:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/06/2013 08:51:43 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht. Error: (08/24/2013 00:37:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/24/2013 00:37:57 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht. Error: (08/24/2013 11:17:23 AM) (Source: DCOM) (User: Mobil) Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82} Error: (07/25/2013 11:52:19 AM) (Source: DCOM) (User: Mobil) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MobilMichaelS-1-5-21-1356929320-3396543483-3823885642-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/24/2013 11:42:55 AM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.217 registriert werden. Der Computer mit IP-Adresse 192.168.1.9 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 1497.6 MB Available physical RAM: 584.66 MB Total Pagefile: 2905.6 MB Available Pagefile: 1672.89 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:439.16 GB) (Free:384.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: AF0FC517) Partition: GPT Partition Type ==================== End Of Log ============================ |
|
06.09.2013, 09:20
| #15 | |
| /// TB-Ausbilder | Zahlungsaufforderung MS-Dos file geöffnet Hallo, Zitat:
__________________ cheers, Leo |
|
| Themen zu Zahlungsaufforderung MS-Dos file geöffnet |
| 7-zip, anhang, avira, avira searchfree toolbar, bereits, besser, bewusst, bluestacks, datei, dummheit, einfach, erhalte, erhalten, file, firefox 23.0.1, forum, fragen, gen, install.exe, intranet, lieber, nichts, panik, rechner, sauber, schei, sierra, thread, verlangt, verursacht, weiterhelfen, öffnen |
Linear-Darstellung
