Log analysis and evaluation: Repeated beeping, then crash

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.09.2013, 19:58 | #1
Repeated beeping, then crash

The problem I am describing has already been described in another post, but maybe there are other ways to solve it. To cut it short, what happens is that my laptop (Windows 7) has recently started beeping at some point after booting, after a period of 2-15 minutes, and then crashes after about 20 seconds. I have only had the problem since I first connected to this public network, so it would not surprise me if it is caused by a virus. There is also no error message or anything similar that explains it, so I don't think it is supposed to be like this. It is also noticeable that, in time with the beeping, the Caps Lock and numpad lights on the side suddenly blink without my being able to influence them. The beeping itself is a repeating, fairly loud, annoying tone, which can however be adjusted with the normal volume up/down keys. I ran my antivirus program, and when it was not interrupted by the crash, it found nothing, but I don't assume that means anything. I also don't think the hardware is to blame, apart from the fact that the fan has recently stopped working (?); otherwise the laptop is new and worked fine until now. It would be really great if someone could help me.
20.09.2013, 20:33 | #2
/// the machine /// TB-Ausbilder
Repeated beeping, then crash

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
25.09.2013, 20:52 | #3
Repeated beeping, then crash

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02 Ran by Marat (administrator) on KAIPUU on 12-09-2013 18:07:53 Running from C:\Users\Marat\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () c:\Program Files (x86)\Hotkey\PowerBiosServer.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe () C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\fbwmgr.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-08-19] (ELAN Microelectronics Corp.) HKLM\...\Run: [CECAPLF] - C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2011-07-06] (Chicony) Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Run: [OscarEditor] - C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [3340288 2012-03-20] () HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2012-12-26] (NEXON Inc.) HKCU\...\Run: [GoogleChromeAutoLaunch_7275CEBAC9C3C4C0ADBEBAE3CBDA4C5C] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.) MountPoints2: G - G:\HTC_Sync_Manager_PC.exe MountPoints2: {6b5ed6c4-5e78-11e2-b0dc-0090f5d50f96} - G:\HTC_Sync_Manager_PC.exe MountPoints2: {a9d61508-6302-11e2-bfb5-0090f5d50f96} - G:\HTC_Sync_Manager_PC.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-11-07] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2254768 2012-11-19] (LogMeIn Inc.) HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-16] () HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-02-23] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.claro-search.com/?affID=114508&tt=4612_8&babsrc=HP_clro&mntrId=80ade2ab000000000000844bf516a9f3 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = SearchScopes: HKLM - DefaultScope {E45FE5AE-C88A-46E4-9C55-5EF4B5932A34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {E45FE5AE-C88A-46E4-9C55-5EF4B5932A34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS SearchScopes: HKLM-x32 - DefaultScope {E45FE5AE-C88A-46E4-9C55-5EF4B5932A34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - 
{E45FE5AE-C88A-46E4-9C55-5EF4B5932A34} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4612_8&babsrc=SP_clro&mntrId=80ade2ab000000000000844bf516a9f3 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4612_8&babsrc=SP_clro&mntrId=80ade2ab000000000000844bf516a9f3 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: Savings Sidekick - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps) BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Winsock: Catalog9 01 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9 02 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9 03 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9 04 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9 05 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) 
Winsock: Catalog9 06 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9 17 %SYSTEMROOT%\system32\BfLLR.dll [196096] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 Chrome: ======= CHR HomePage: hxxp://isearch.avg.com/?cid={83F3B2E4-CBB2-4C67-9C80-F0B5D5E7EA79}&mid=8ac85864acb947d39e31d1d9b331e665-16892e012357a4bd2f2ebe462618a9b18170c40f&lang=de&ds=tc011&pr=sa&d=2013-02-19 16:38:31&v=15.3.0.11&pid=avg&sg=0&sap=hp CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={83F3B2E4-CBB2-4C67-9C80-F0B5D5E7EA79}&mid=8ac85864acb947d39e31d1d9b331e665-16892e012357a4bd2f2ebe462618a9b18170c40f&lang=de&ds=tc011&pr=sa&d=2013-02-19 16:38:31&v=15.3.0.11&pid=avg&sg=0&sap=hp" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files 
(x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO) CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0 CHR Extension: (hxxp://www.facebook.com/) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo\2012.11.7.30856_0 CHR Extension: (DealPly) - 
C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0 CHR Extension: (AdBlock) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (SearchPreview) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.0_0 CHR Extension: (Virtual Keyboard) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0 CHR Extension: (AVG Secure Search) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR Extension: (Anti-Banner) - C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Marat\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - 
C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Marat\AppData\Local\Wajam\Chrome\wajam.crx CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-11-07] (Kaspersky Lab ZAO) R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2847696 2013-07-26] () R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [852264 2013-08-16] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-08-13] () R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-08-16] () R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792 2011-02-15] () R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] () R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-16] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-07-23] (Qualcomm Atheros, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-16] (AVG Technologies) R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc.) 
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-11-07] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-13] (Atheros) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-12 18:04 - 2013-09-12 18:03 - 01949642 _____ (Farbar) C:\Users\Marat\Desktop\FRST64.exe 2013-09-12 18:03 - 2013-09-12 18:03 - 01949642 _____ (Farbar) C:\Users\Marat\Downloads\FRST64.exe 2013-09-09 14:37 - 2013-09-09 14:37 - 00017920 ___SH C:\Users\Marat\Downloads\Thumbs.db 2013-09-09 13:20 - 2013-09-09 13:20 - 00001780 _____ C:\Users\Marat\Desktop\Sicherer Browser.lnk 2013-09-08 20:12 - 2013-09-08 20:12 - 00001550 _____ C:\Users\Marat\Desktop\FUNGW - Verknüpfung.lnk 2013-09-07 16:06 - 2013-09-07 16:06 - 00001993 _____ C:\Users\asdafe\Desktop\Joe Bonamassa Blues Deluxe - Verknüpfung.lnk 2013-09-03 21:06 - 2013-09-11 22:03 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-08-31 13:43 - 2013-09-11 22:03 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager 2013-08-28 13:59 - 2013-08-28 13:59 - 00000713 _____ C:\Users\Public\Desktop\C2-FWF.lnk 2013-08-28 13:59 - 2013-08-28 13:59 - 00000000 ____D C:\Users\Marat\AppData\Roaming\C2-FWF 2013-08-28 13:16 - 2013-08-28 13:54 - 343566450 _____ 
C:\Users\Marat\Downloads\allgrey_c2-fwf_5.3_en.zip 2013-08-24 18:09 - 2013-08-24 18:09 - 00000189 _____ C:\Users\Marat\Downloads\Download (1) 2013-08-24 13:14 - 2013-08-13 01:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys 2013-08-23 18:38 - 2013-08-23 18:38 - 00698656 _____ () C:\Users\Marat\Downloads\Winrar32Bit401_SoftangoDownloader.exe 2013-08-23 18:35 - 2013-08-23 18:35 - 00698656 _____ () C:\Users\Marat\Downloads\Zip_SoftangoDownloader.exe 2013-08-23 18:10 - 2013-08-23 18:32 - 207275597 _____ C:\Users\Marat\Downloads\Berlin(1).rar 2013-08-23 18:09 - 2013-08-23 18:10 - 10583611 _____ C:\Users\Marat\Downloads\Joe-Bonamassa.zip 2013-08-16 12:51 - 2013-08-16 12:51 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-08-16 12:50 - 2013-08-16 12:50 - 07876512 _____ (Adobe Systems Inc.) C:\Users\asdafe\Downloads\Shockwave_Installer_Slim.exe 2013-08-16 12:50 - 2013-08-16 12:50 - 07876512 _____ (Adobe Systems Inc.) C:\Users\asdafe\Desktop\Shockwave_Installer_Slim.exe 2013-08-15 14:25 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 14:25 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 14:25 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 14:25 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 
14:25 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 14:25 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 14:25 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 14:25 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 14:25 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 14:25 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 14:25 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 14:25 - 2013-07-26 05:11 - 00033280 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 14:25 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 14:25 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 14:25 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 10:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 10:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 10:51 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 10:51 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 10:51 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 10:51 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 10:51 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 10:51 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 10:51 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 10:51 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 10:51 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 10:44 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 10:44 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 10:43 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 10:43 - 2013-07-09 07:54 - 01732032 _____ 
(Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 10:43 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 10:43 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 10:43 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 10:43 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 10:43 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 10:43 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 10:43 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 10:43 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 10:43 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 10:43 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-15 10:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 10:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-13 14:17 - 2013-08-13 14:17 - 00001139 _____ C:\Users\Public\Desktop\Opera.lnk 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Users\Marat\AppData\Roaming\Opera Software 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Users\Marat\AppData\Local\Opera Software 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Program Files (x86)\Opera 2013-08-13 14:13 - 2013-08-13 14:16 - 31026832 _____ (Opera Software ASA) C:\Users\Marat\Downloads\Opera_15.0.1147.153_Setup.exe 2013-08-13 14:06 - 2013-08-13 14:06 - 00000000 ____D C:\Users\Marat\AppData\Roaming\Unity 2013-08-13 13:56 - 2013-08-13 13:56 - 00000000 
____D C:\Users\Marat\AppData\Local\Unity 2013-08-13 13:55 - 2013-08-13 13:55 - 00648144 _____ (Unity Technologies ApS) C:\Users\Marat\Downloads\UnityWebPlayer.exe ==================== One Month Modified Files and Folders ======= 2013-09-12 18:04 - 2013-09-12 18:04 - 00000000 ____D C:\FRST 2013-09-12 18:03 - 2013-09-12 18:04 - 01949642 _____ (Farbar) C:\Users\Marat\Desktop\FRST64.exe 2013-09-12 18:03 - 2013-09-12 18:03 - 01949642 _____ (Farbar) C:\Users\Marat\Downloads\FRST64.exe 2013-09-12 18:01 - 2012-11-07 12:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-09-12 18:00 - 2012-11-07 12:06 - 01524254 _____ C:\Windows\WindowsUpdate.log 2013-09-12 18:00 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-12 18:00 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-12 18:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-09-12 17:59 - 2012-11-07 12:22 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-11 22:08 - 2011-04-12 09:43 - 00726454 _____ C:\Windows\system32\perfh007.dat 2013-09-11 22:08 - 2011-04-12 09:43 - 00157606 _____ C:\Windows\system32\perfc007.dat 2013-09-11 22:08 - 2009-07-14 07:13 - 01670444 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-11 22:03 - 2013-09-03 21:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-11 22:03 - 2013-08-31 13:43 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager 2013-09-11 22:03 - 2012-11-20 22:33 - 00000000 ____D C:\Users\Marat\AppData\Local\LogMeIn Hamachi 2013-09-11 22:03 - 2012-11-07 12:22 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-11 22:03 - 2012-10-18 10:48 - 00000000 ____D C:\ProgramData\Bigfoot Networks 2013-09-11 22:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-11 22:03 - 2009-07-14 06:51 - 00172926 _____ 
C:\Windows\setupact.log 2013-09-11 18:47 - 2012-12-26 02:03 - 00000000 ____D C:\Users\Marat\AppData\Roaming\vlc 2013-09-11 18:46 - 2012-12-26 02:05 - 00000000 ____D C:\Users\Marat\AppData\Roaming\dvdcss 2013-09-10 20:21 - 2013-05-07 16:36 - 00007621 _____ C:\Users\Marat\AppData\Local\Resmon.ResmonCfg 2013-09-09 15:01 - 2012-11-19 23:36 - 00000000 ____D C:\Users\Marat\Desktop\Dokumente 2013-09-09 14:37 - 2013-09-09 14:37 - 00017920 ___SH C:\Users\Marat\Downloads\Thumbs.db 2013-09-09 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-09-09 13:20 - 2013-09-09 13:20 - 00001780 _____ C:\Users\Marat\Desktop\Sicherer Browser.lnk 2013-09-08 21:43 - 2012-11-21 00:54 - 00000000 ____D C:\Users\asdafe\AppData\Local\LogMeIn Hamachi 2013-09-08 20:12 - 2013-09-08 20:12 - 00001550 _____ C:\Users\Marat\Desktop\FUNGW - Verknüpfung.lnk 2013-09-07 22:29 - 2012-11-14 00:38 - 00000000 ____D C:\Users\Marat\.gimp-2.8 2013-09-07 21:03 - 2005-03-13 18:17 - 01048576 _____ C:\Users\Marat\Desktop\Pokemon Rot (D).gb 2013-09-07 20:53 - 2012-11-14 20:50 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-09-07 16:17 - 2013-07-01 23:23 - 00000000 ____D C:\Users\asdafe\AppData\Roaming\vlc 2013-09-07 16:06 - 2013-09-07 16:06 - 00001993 _____ C:\Users\asdafe\Desktop\Joe Bonamassa Blues Deluxe - Verknüpfung.lnk 2013-09-06 21:40 - 2012-12-14 18:03 - 00004146 _____ C:\Windows\System32\Tasks\Software Updater Ui 2013-09-06 21:40 - 2012-12-14 17:59 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater 2013-09-06 18:17 - 2012-11-07 19:21 - 00000000 ____D C:\Users\Marat\Documents\TubeBox 2013-09-05 19:28 - 2012-11-22 21:43 - 00000000 ____D C:\Users\Marat\AppData\Roaming\.minecraft 2013-09-01 21:48 - 2012-11-16 21:04 - 00000000 ____D C:\Users\Marat\Desktop\Programme 2013-09-01 21:47 - 2012-11-07 12:35 - 00000000 ____D C:\Users\Marat\Desktop\Softwaremüll 2013-08-28 14:01 - 2012-11-08 23:20 - 00000000 ____D C:\Users\Marat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 
2013-08-28 13:59 - 2013-08-28 13:59 - 00000713 _____ C:\Users\Public\Desktop\C2-FWF.lnk 2013-08-28 13:59 - 2013-08-28 13:59 - 00000000 ____D C:\Users\Marat\AppData\Roaming\C2-FWF 2013-08-28 13:54 - 2013-08-28 13:16 - 343566450 _____ C:\Users\Marat\Downloads\allgrey_c2-fwf_5.3_en.zip 2013-08-24 18:09 - 2013-08-24 18:09 - 00000189 _____ C:\Users\Marat\Downloads\Download (1) 2013-08-24 13:14 - 2013-06-28 17:58 - 00001054 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2013-08-24 13:14 - 2013-01-10 22:16 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2013-08-23 18:38 - 2013-08-23 18:38 - 00698656 _____ () C:\Users\Marat\Downloads\Winrar32Bit401_SoftangoDownloader.exe 2013-08-23 18:35 - 2013-08-23 18:35 - 00698656 _____ () C:\Users\Marat\Downloads\Zip_SoftangoDownloader.exe 2013-08-23 18:32 - 2013-08-23 18:10 - 207275597 _____ C:\Users\Marat\Downloads\Berlin(1).rar 2013-08-23 18:10 - 2013-08-23 18:09 - 10583611 _____ C:\Users\Marat\Downloads\Joe-Bonamassa.zip 2013-08-18 13:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-16 13:22 - 2012-11-25 18:03 - 00000000 __RHD C:\Users\asdafe\Desktop\, 2013-08-16 12:51 - 2013-08-16 12:51 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-08-16 12:50 - 2013-08-16 12:50 - 07876512 _____ (Adobe Systems Inc.) C:\Users\asdafe\Downloads\Shockwave_Installer_Slim.exe 2013-08-16 12:50 - 2013-08-16 12:50 - 07876512 _____ (Adobe Systems Inc.) 
C:\Users\asdafe\Desktop\Shockwave_Installer_Slim.exe 2013-08-16 12:48 - 2013-02-19 17:38 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-16 12:48 - 2013-02-19 17:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-08-15 14:14 - 2013-08-08 22:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 14:13 - 2012-11-26 17:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-13 14:17 - 2013-08-13 14:17 - 00001139 _____ C:\Users\Public\Desktop\Opera.lnk 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Users\Marat\AppData\Roaming\Opera Software 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Users\Marat\AppData\Local\Opera Software 2013-08-13 14:17 - 2013-08-13 14:17 - 00000000 ____D C:\Program Files (x86)\Opera 2013-08-13 14:16 - 2013-08-13 14:13 - 31026832 _____ (Opera Software ASA) C:\Users\Marat\Downloads\Opera_15.0.1147.153_Setup.exe 2013-08-13 14:06 - 2013-08-13 14:06 - 00000000 ____D C:\Users\Marat\AppData\Roaming\Unity 2013-08-13 13:56 - 2013-08-13 13:56 - 00000000 ____D C:\Users\Marat\AppData\Local\Unity 2013-08-13 13:55 - 2013-08-13 13:55 - 00648144 _____ (Unity Technologies ApS) C:\Users\Marat\Downloads\UnityWebPlayer.exe 2013-08-13 01:07 - 2013-08-24 13:14 - 00046792 _____ (AnchorFree Inc.) 
C:\Windows\system32\Drivers\hssdrv6.sys

Files to move or delete:
====================
C:\Users\asdafe\AppData\Local\Temp\iql1pqob.dll
C:\Users\asdafe\AppData\Local\Temp\jwizansw.dll
C:\Users\Marat\AppData\Local\Temp\AskSLib.dll
C:\Users\Marat\AppData\Local\Temp\AutoRun.exe
C:\Users\Marat\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marat\AppData\Local\Temp\avguidx.dll
C:\Users\Marat\AppData\Local\Temp\EAInstall.dll
C:\Users\Marat\AppData\Local\Temp\eauninstall.exe
C:\Users\Marat\AppData\Local\Temp\i4jdel0.exe
C:\Users\Marat\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Marat\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marat\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Marat\AppData\Local\Temp\NGMDll.dll
C:\Users\Marat\AppData\Local\Temp\NGMResource.dll
C:\Users\Marat\AppData\Local\Temp\oi_{3E810D57-FD79-4727-B214-3BB2C8A73E75}.exe
C:\Users\Marat\AppData\Local\Temp\ose00000.exe
C:\Users\Marat\AppData\Local\Temp\ping.exe
C:\Users\Marat\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Marat\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Marat\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Marat\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marat\AppData\Local\Temp\Softango Downloader213706.exe
C:\Users\Marat\AppData\Local\Temp\TubeBox-4.1.0.0.exe
C:\Users\Marat\AppData\Local\Temp\unicows.dll
C:\Users\Marat\AppData\Local\Temp\wajam_download.exe
C:\Users\Marat\AppData\Local\Temp\wajam_install.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-04 13:43

==================== End Of Log ============================

--- --- ---

and here is the addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
Ran by Marat at 2013-09-12 18:08:57
Running from C:\Users\Marat\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

«Conquest 2 - Frontier Wars Forever ™» v.5.3 (x32 Version: v.5.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.110)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Bluetooth Suite (64) (Version: 7.4.0.122)
Audiosurf Beta (x32)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Babylon Chrome Toolbar (x32 Version: 2.0.0.4)
Babylon toolbar (x32)
BisonCam (x32 Version: )
Bonjour (Version: 3.0.0.10)
bProtector for Windows (x32)
Cheat Engine 6.2 (x32)
ChiconyCam (x32 Version: 1.0.54.0521)
Commander Keen - Keen Dreams (x32)
Crysis® 2 (x32 Version: 1.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (HKCU)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Die Schlacht um Mittelerde(tm) (x32)
Die Schlacht um Mittelerde™ II (x32)
EA Download Manager (x32 Version: 7.2.0.32)
ETDWare PS/2-X64 11.10.2.2_WHQL (Version: 11.10.2.2)
Fotogalerie (x32 Version: 16.4.3505.0912)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Hotkey 3.3043 (x32 Version: 3.3043)
Hotspot Shield 3.13 (x32 Version: 3.13)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
iTunes (Version: 10.7.0.21)
Java 7 Update 15 (x32 Version: 7.0.150)
Java 7
Update 9 (64-bit) (Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) jose (x32 Version: 1.3) Junk Mail filter update (x32 Version: 16.4.3505.0912) Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374) LogMeIn Hamachi (x32 Version: 2.1.0.284) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft SkyDrive (HKCU Version: 17.0.2003.1112) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 
Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3505.0912) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) My Mix (x32) Nexon Game Manager (x32) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Systemsteuerung 295.93 (Version: 295.93) Opera Stable 15.0.1147.153 (x32 Version: 15.0.1147.153) Origin (x32 Version: 9.0.15.65) OSCAR Editor (x32 Version: 12.03.0004) Photo Gallery (x32 Version: 16.4.3505.0912) Photo! 
Editor 1.1 (x32) PhotoScape (x32) Python 2.7.2 (x32 Version: 2.7.2150) Qualcomm Atheros Killer Network Manager (Version: 6.1.0.395) Qualcomm Atheros Killer Network Manager (x32 Version: 6.1.0.395) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662) Rotation Pilot Free 1.0.4 (x32 Version: 1.0.4) Savings Sidekick (x32 Version: 1.24.151.151) Skype™ 6.1 (x32 Version: 6.1.129) Steam (x32 Version: 1.0.0.0) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007) SweetPacks bundle uninstaller (x32 Version: 1.0.0000) swMSM (x32 Version: 12.0.0.1) TeamViewer 8 (x32 Version: 8.0.16642) TubeBox (x32 Version: 4.1.1.0) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for 
Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008) VLC media player 2.0.0-rc1 (x32 Version: 2.0.0-rc1) VLC media player 2.1.0-git (Version: 2.1.0-git) Wajam (x32 Version: 1.50) WebCam Installer (x32 Version: 4.041) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live Family Safety (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) WinHTTrack Website Copier 3.46-1 (x32 Version: 3.46.1) X7 Oscar Editor (x32 Version: 12.03.0004) ==================== Restore Points ========================= 27-08-2013 09:31:12 Windows Update 30-08-2013 09:33:40 Windows Update 01-09-2013 19:55:28 Windows-Sicherung 03-09-2013 12:15:50 Windows Update 08-09-2013 17:30:39 
Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {193B62EF-DAAC-4237-ADC6-6AB70006FA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {199D5F0F-B7C0-4F7B-8EB7-5DA184AE1854} - System32\Tasks\DealPly => C:\Users\Marat\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] ()
Task: {2BAB40B4-8679-49C0-B27C-E8A1D0B1AB2A} - System32\Tasks\Browser Manager => Sc.exe start Browser Manager
Task: {336E678E-546E-4CAE-84B7-8CED7F77F715} - System32\Tasks\{8210576A-9A61-46C4-8D66-B854C16D0AB7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {442937F9-3ADB-48C1-BA9C-2F58837D38DE} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-10-21] (DealPly)
Task: {4A21DE04-E95F-4839-81D6-460756B7DD90} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5E666A4A-F431-4B08-8916-962AD403D65D} - System32\Tasks\Updater5060.exe => C:\Users\Marat\AppData\Local\Updater5060\Updater5060.exe [2013-01-17] (FileProperties_CompanyName)
Task: {5E89DDC6-D7CC-4173-9C43-B238154005BA} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-23] ()
Task: {68B87ADF-0FBA-4B03-9D0C-39059910D126} - \AdobeFlashPlayerUpdate No Task File
Task: {AE3D20CF-6828-4851-A4E2-2ACE000E7AEA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {B78110D8-0235-411D-9231-FBD4247E3A72} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B8B155A3-8947-4BB2-8662-EE17E7FBD798} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-09-03] ()
Task: {D64BA322-CF19-4F6E-8D66-C9F4A4B8ED65} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {E71C5F9C-A0DA-4F24-A638-AE0E5EF69516} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {EEF7A4B3-B221-4EB7-A4C6-B2682750D460} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {F6AE5C33-9E49-4C19-B364-DB71C68E120C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1681562818-1790632305-1859931045-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-21] (Microsoft Corporation)
Task: {F895FF28-3F97-4EE8-B547-236A65611DC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07] (Google Inc.)
Task: {FAB90BA2-A75A-4975-A91E-E932A96ECBAF} - System32\Tasks\{72463820-C0E0-4DFA-9190-AFD930FC4ECC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.0.0.120/de/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {FC71B8E3-87F6-40F2-B1DD-A9094888A2F2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1681562818-1790632305-1859931045-1001
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-31 13:07 - 2012-02-23 11:24 - 00260928 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2012-11-21 00:00 - 2012-11-21 00:00 - 00261624 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
2012-11-21 00:00 - 2012-11-21 00:00 - 00661448 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll
2012-11-21 00:00 - 2012-11-21 00:00 - 00828872 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll
2012-05-02 08:31 - 2012-03-26 17:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2012-05-02 08:31 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-09 20:46 - 2011-05-09 20:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-07-23 16:36 - 2012-07-23 16:36 - 00217600 _____ () C:\Program Files\Qualcomm
Atheros\Killer Network Manager\BFCommon.dll 2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll 2012-07-23 16:36 - 2012-07-23 16:36 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll 2012-07-23 16:37 - 2012-07-23 16:37 - 00216064 _____ (Bigfoot Networks, Inc.) C:\Windows\system32\BfLLR.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00026968 ____R (SweetIM Technologies Ltd.) 
C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll 2012-11-21 00:00 - 2012-11-21 00:00 - 00222712 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll 2012-11-21 00:00 - 2012-11-21 00:00 - 00534480 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\MSVCP110.dll 2012-11-21 00:00 - 2012-11-21 00:00 - 00862664 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\MSVCR110.dll 2012-11-21 00:00 - 2012-11-21 00:00 - 00542712 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\Telemetry.dll 2012-11-21 00:00 - 2012-11-21 00:00 - 00039432 _____ (Microsoft Corporation) C:\Users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\logging.dll 2011-03-23 10:52 - 2011-03-23 10:52 - 00218112 _____ (TODO: <公司名稱>) C:\Program Files (x86)\Hotkey\GetProductdll.dll 2009-06-06 15:50 - 2009-06-06 15:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll 2010-06-21 11:10 - 2010-06-21 11:10 - 00204288 _____ (TODO: <公司名稱>) C:\Program Files (x86)\Hotkey\wlandll.dll 2011-06-01 15:44 - 2011-06-01 15:44 - 00221696 _____ (TODO: <公司名稱>) C:\Program Files (x86)\Hotkey\powerlife.dll 2011-10-13 21:41 - 2011-10-13 21:41 - 00090512 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll 2011-04-25 00:12 - 2011-04-25 00:12 - 00012688 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpinit.dll 2011-10-13 21:41 - 2012-11-07 13:08 - 00455096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpmain.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00147856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll 2011-04-25 00:13 - 2012-11-07 13:09 - 00098744 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2012\fssync.dll 2011-04-25 00:12 - 2011-04-25 00:12 - 00123280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\DumpWriter.dll 2011-04-25 00:12 - 2011-04-25 00:12 - 00019856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\CLLDR.DLL 2011-04-25 00:13 - 2011-04-25 00:13 - 00270736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll 2011-04-25 00:14 - 2011-04-25 00:14 - 00115088 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\nfio.ppl 2011-04-25 00:13 - 2011-04-25 00:13 - 00021392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\fsdrvplg.ppl 2011-04-25 00:14 - 2011-04-25 00:14 - 00038288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\winreg.ppl 2011-04-25 00:13 - 2013-09-04 15:08 - 00274624 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\service.dll 2011-04-25 00:13 - 2013-09-04 15:08 - 00979136 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\eka_meta.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00315792 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\esmgr.dll 2011-10-13 21:41 - 2012-11-07 13:12 - 00042896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\pxstub.ppl 2011-10-13 21:41 - 2013-09-04 15:09 - 01118400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\params.ppl 2011-10-13 21:41 - 2013-09-04 15:09 - 04460736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpgui.ppl 2011-04-25 00:13 - 2011-04-25 00:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2012\QtCore4.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll 2011-10-13 21:41 - 2012-11-07 13:11 - 02154936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\basegui.ppl 2011-04-25 00:14 - 2011-04-25 00:14 - 00041360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\thpimpl.ppl 2011-04-25 00:13 - 2011-04-25 00:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\memmon.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00582032 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\localization_manager.dll 2011-04-20 20:56 - 2011-04-20 20:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll 2011-04-25 00:14 - 2011-04-25 00:14 - 00090512 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\propmap.ppl 2012-08-27 22:33 - 2012-08-27 22:33 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 
2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00299352 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00098648 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00516440 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00036696 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00168280 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll 2012-10-04 17:35 - 2012-10-04 17:35 - 00074072 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll 2012-10-04 17:34 - 2012-10-04 17:34 - 00065880 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00650584 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00061272 _____ (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00041304 _____ (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll 2012-08-15 20:08 - 2012-08-15 20:08 - 00071512 _____ (SweetIM Technologies Ltd.) 
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll 2013-08-16 12:48 - 2013-08-16 12:48 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll 2013-08-16 12:48 - 2013-08-16 12:48 - 00144560 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll 2012-11-08 21:16 - 2012-11-08 21:16 - 00109704 _____ (DVDVideoSoft Ltd.) 
C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll 2012-11-07 13:48 - 2012-11-07 13:48 - 00266640 _____ (Kaspersky Lab ZAO) C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin\npUrlAdvisor.dll 2011-10-13 21:41 - 2011-10-13 21:41 - 00209296 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblc.dll 2011-04-25 00:13 - 2012-11-07 13:09 - 00238008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\kltbar.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00070032 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbcl.dll 2012-11-07 13:48 - 2012-11-07 13:48 - 00098704 _____ (Kaspersky Lab ZAO) C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin\npVKPlugin.dll 2012-11-07 12:35 - 2012-11-07 12:35 - 00078224 _____ (Kaspersky Lab ZAO) C:\Users\Marat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin\npABPlugin.dll 2013-08-15 14:38 - 2013-08-15 14:38 - 00489472 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll 2013-07-24 14:07 - 2013-07-24 14:07 - 00014336 _____ (Intel Corp.) 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\sbhook.dll 2013-08-16 23:39 - 2013-08-16 23:39 - 00764200 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll 2013-08-13 00:16 - 2013-08-13 00:16 - 00075264 _____ (Zlib) C:\Program Files (x86)\Hotspot Shield\bin\zlib1.dll 2011-10-13 21:41 - 2012-11-07 13:10 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\scrchpg.dll 2011-04-25 00:13 - 2011-04-25 00:13 - 00030096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klscav.dll 2013-09-04 19:22 - 2013-09-02 22:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 999 Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/11/2013 10:03:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 09:05:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 06:46:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 02:05:11 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 02:02:12 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2013 08:24:39 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/10/2013 08:17:22 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2013 System errors: ============= Error: (09/11/2013 10:03:44 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (09/11/2013 10:03:44 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (09/11/2013 10:03:44 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (09/11/2013 10:03:44 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (09/11/2013 10:03:27 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 11.09.2013 um 22:02:03 unerwartet heruntergefahren. 
Error: (09/11/2013 09:05:38 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (09/11/2013 09:05:38 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (09/11/2013 09:05:38 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (09/11/2013 09:05:38 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (09/11/2013 09:05:24 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 11.09.2013 um 18:54:29 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 999 Error: (09/12/2013 06:00:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/11/2013 10:03:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 09:05:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 06:46:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 02:05:11 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2013 02:02:12 PM) (Source: 
WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/10/2013 08:24:39 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/10/2013 08:17:22 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 16276.23 MB
Available physical RAM: 13173.61 MB
Total Pagefile: 32550.64 MB
Available Pagefile: 28850.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:160 GB) (Free:51.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data1) (Fixed) (Total:238.47 GB) (Free:127.27 GB) NTFS
Drive e: (Data) (Fixed) (Total:78.47 GB) (Free:10.08 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 7023C91D)
Partition 1: (Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 7023C933)
Partition 1: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
26.09.2013, 09:00 | #4 | |
/// the machine /// TB-Ausbilder | Repeated beeping, then crash
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.09.2013, 15:26 | #5 |
| Repeated beeping, then crash
Code:
ComboFix 13-09-28.02 - Marat 29.09.2013 16:08:23.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16276.14058 [GMT 2:00]
ausgeführt von:: c:\users\Marat\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marat\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-28 bis 2013-09-29 ))))))))))))))))))))))))))))))
.
.
2013-09-29 14:13 . 2013-09-29 14:13 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-09-29 14:13 . 2013-09-29 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-29 14:13 . 2013-09-29 14:13 -------- d-----w- c:\users\asdafe\AppData\Local\temp
2013-09-29 12:27 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1F1EE2D-A475-4F2F-AAEF-3DB6C308B794}\mpengine.dll
2013-09-22 22:58 . 2013-09-17 20:31 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-09-12 19:01 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 18:18 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 18:18 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-12 16:04 . 2013-09-12 16:04 -------- d-----w- C:\FRST
2013-09-09 12:22 . 2013-09-09 12:22 -------- d-----w- c:\users\Marat\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 08:51 .
2012-11-26 15:27 79143768 ----a-w- c:\windows\system32\MRT.exe 2013-08-16 10:48 . 2013-02-19 15:38 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-02 01:48 . 2013-09-12 18:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-25 09:25 . 2013-08-15 08:42 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-15 08:42 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58 . 2013-08-15 08:51 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-15 08:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-07-09 05:52 . 2013-08-15 08:51 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 05:51 . 2013-08-15 08:44 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 05:46 . 2013-08-15 08:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 05:46 . 2013-08-15 08:51 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 05:46 . 2013-08-15 08:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-09 04:52 . 2013-08-15 08:44 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52 . 2013-08-15 08:51 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-07-09 04:46 . 2013-08-15 08:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46 . 2013-08-15 08:51 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-07-09 04:46 . 2013-08-15 08:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-07-06 06:03 . 2013-08-15 08:51 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}] c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll [BU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-20 22:00 222712 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-20 22:00 222712 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-20 22:00 222712 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OscarEditor"="c:\program files (x86)\OSCAR Editor X7\OscarEditor.exe" [2012-03-20 3340288] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-12-26 438272] "GoogleChromeAutoLaunch_7275CEBAC9C3C4C0ADBEBAE3CBDA4C5C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-02 829392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-11-07 206448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] "Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-16 2314416] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-25 3080192] Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-7-23 553984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 
TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe;c:\programdata\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x] S2 HssWd;Hotspot Shield Monitoring 
Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x] S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 
RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [BU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-04 17:21 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 10:22] . 2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 10:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-20 22:00 261624 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-20 22:00 261624 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-20 22:00 261624 ----a-w- c:\users\Marat\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2011-07-06 121456] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555 uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local> IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Marat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\BfLLR.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-Locked - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-Locked - (no file) AddRemove-Audiosurf_is1 - e:\neuer ordner\Audiosurf\unins000.exe AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\EADMUninstall.exe AddRemove-My Mix - c:\windows\unvise32.exe AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe AddRemove-WinHTTrack Website Copier_is1 - e:\neuer ordner\WinHTTrack\unins000.exe AddRemove-«Conquest 2 - Frontier Wars Forever ™» v.5.3 - e:\conquest\C2-FWF\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-09-29 16:15:20 ComboFix-quarantined-files.txt 2013-09-29 14:15 . Vor Suchlauf: 19 Verzeichnis(se), 60.170.874.880 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 59.863.109.632 Bytes frei . - - End Of File - - 9BDE3A5A45D4AA38F23D173559C501A8 |
29.09.2013, 18:36 | #6 |
/// the machine /// TB Instructor | Repeated beeping, then crash Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
07.10.2013, 17:21 | #7 |
| Repeated beeping, then crash OK, I put it down to the defective fan, unscrewed the laptop, wiggled things a bit and closed it up again. It's running fine again now; thanks anyway. |
08.10.2013, 08:13 | #8 |
/// the machine /// TB Instructor | Repeated beeping, then crash Great, but I would still run the scans to remove the adware.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |