| |
| |||||||
Log-Analyse und Auswertung: Oracle America Inc. (jucheck.exe)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.10.2013, 08:38
| #1 |
| |  Oracle America Inc. (jucheck.exe) Ich habe das gleiche Problem wie http://www.trojaner-board.de/126046-...eck-exe.htmlIn Task-leiste erscheint regelmäßig: jucheck.exe erfordert Berechtigung des weiteren befinden sich in der Quarantäne meines Anitvirenprogramms (Avira Free Antivirus) folgende Dateien: JAVA/Lamar.dlk.28 JAVA/Lamar.rso.8 TR/Crypt.ZPACK.9324 TR/PSW.Fareit.1871 TR/Crypt.ZPACK.147 TR/Crypt.EPACK.759 TR/Zusy.60675 TR/Crypt.XPACK.Gen mich nach dem anderen Link richtend, habe ich OTL Oldtimer runtergeladen und den Inhalt der Textbox von markusg wie beschrieben kopiert und OTL scanen lassen. Das Ergebnis vom Quick Scan hier: OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.10.2013 08:56:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuno\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16686) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,59% Memory free 15,96 Gb Paging File | 14,20 Gb Available in Paging File | 88,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 42,21 Gb Free Space | 43,27% Space Free | Partition Type: NTFS Drive D: | 488,28 Gb Total Space | 481,77 Gb Free Space | 98,67% Space Free | Partition Type: NTFS Drive E: | 345,57 Gb Total Space | 253,40 Gb Free Space | 73,33% Space Free | Partition Type: NTFS Computer Name: U-TOWER | User Name: Kuno | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.10.02 08:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuno\Downloads\OTL.exe PRC - [2013.09.04 12:58:40 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.09.04 12:57:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.09.04 12:57:29 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.01.18 09:30:09 | 000,298,673 | ---- | M] (Official site, includes a presentation, a blog, a newsletter and information on devices) -- C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2012.01.04 18:05:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.21 13:33:32 | 000,214,360 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe PRC - [2010.07.29 11:59:36 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe ========== Modules (No Company Name) ========== MOD - [2011.03.11 10:47:52 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll MOD - [2011.01.21 15:05:44 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll MOD - [2010.12.29 18:32:32 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll MOD - [2010.12.29 17:52:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll MOD - [2010.12.23 13:17:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll MOD - [2010.12.20 16:21:06 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll MOD - [2010.11.30 16:42:22 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll MOD - [2010.11.26 10:45:10 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll MOD - [2010.11.26 10:33:20 | 004,583,424 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll MOD - [2010.10.22 10:22:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll MOD - [2010.10.22 10:01:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll MOD - [2010.09.26 11:13:24 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll MOD - [2010.09.26 11:13:02 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll MOD - [2010.09.09 18:00:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll MOD - [2010.09.08 17:10:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll MOD - [2010.09.08 10:52:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll MOD - [2010.08.03 10:51:10 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll MOD - [2010.08.03 10:44:44 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll MOD - [2010.07.13 10:48:18 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll MOD - [2010.05.07 11:46:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll MOD - [2010.04.27 15:20:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll MOD - [2010.03.02 15:09:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll MOD - [2009.12.04 17:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll MOD - [2009.11.27 17:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll MOD - [2009.11.26 17:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll MOD - [2009.09.09 14:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll MOD - [2009.08.06 10:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll MOD - [2009.06.26 09:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll MOD - [2008.11.17 14:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll MOD - [2008.08.25 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll MOD - [2008.08.25 16:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll MOD - [2007.12.20 14:37:00 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll MOD - [2007.08.31 17:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll MOD - [2007.03.30 10:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll MOD - [2007.03.30 10:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll MOD - [2007.03.30 09:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll MOD - [2007.03.30 09:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.12.12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.09.15 12:49:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.09.04 12:58:40 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.09.04 12:57:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.01 20:19:29 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.27 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2012.01.04 18:05:04 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.09.04 12:59:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.09.04 12:59:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.06.02 10:38:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.26 21:00:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.12.26 21:00:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.10.01 21:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.05.20 09:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.17 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLvwzsva&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.12.29 16:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Google Mail = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE (NewSoft Technology Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Faduhudiex] C:\Users\Kuno\AppData\Roaming\Baahuv\haeb.exe ( ) O4 - HKCU..\Run: [homkido] rundll32 ",homkido File not found O4 - HKCU..\Run: [Kikas] C:\Users\Kuno\AppData\Roaming\Atre\wado.exe (SoftVector Solutions ) O4 - HKCU..\Run: [Poeqp] C:\Users\Kuno\AppData\Roaming\Waucu\qiux.exe () O4 - HKCU..\Run: [Quyse] C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe (Official site, includes a presentation, a blog, a newsletter and information on devices) O4 - HKCU..\Run: [Scan Buttons] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE (NewSoft Technology Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18EFE0C8-8408-4419-9A7D-C2734186F75E}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6eeb004f-2f9b-11e1-ad02-14dae92ea81a}\Shell - "" = AutoRun O33 - MountPoints2\{6eeb004f-2f9b-11e1-ad02-14dae92ea81a}\Shell\AutoRun\command - "" = K:\AUTOSTARTER.EXE O33 - MountPoints2\{6eeb005f-2f9b-11e1-ad02-14dae92ea81a}\Shell - "" = AutoRun O33 - MountPoints2\{6eeb005f-2f9b-11e1-ad02-14dae92ea81a}\Shell\AutoRun\command - "" = L:\AUTOSTARTER.EXE O33 - MountPoints2\{d5f30bc6-4753-11e1-ab67-14dae92ea81a}\Shell - "" = AutoRun O33 - MountPoints2\{d5f30bc6-4753-11e1-ab67-14dae92ea81a}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2EACD91F-B1C4-0780-9EDD-F30A46B11BC5} - Browser Customizations ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {8A37D346-EEBC-B3EC-AC6B-413742F5C911} - Browser Customizations ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {B940A9DC-FDB6-0805-F3C1-FDC63A70B803} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {D1B3CE77-6847-945D-9BC9-B3C023564174} - Microsoft Windows Media Player ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F02C093C-B01B-65FF-A9EC-57E89C8D0D57} - Microsoft Windows Media Player ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Aeria Ignite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Vuwo [2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Selas [2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Dees [2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Usbi [2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Lina [2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ituf [2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Yknoho [2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Vyegvu [2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Anbar [2013.09.19 16:16:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ywash [2013.09.19 16:16:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Cowe [2013.09.19 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Cesagi [2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Okivn [2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ixdoh [2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ibhyz [2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Zasig [2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nane [2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Kamey [2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Zuki [2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ovwuvy [2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Meyc [2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nycymi [2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nosepo [2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Fuegi [2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Uwgei [2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Kuagze [2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Dywui [2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Yqidu [2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Epupuf [2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Biuk [2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Qikok [2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ehfuxi [2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Baahuv [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.10.02 08:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.02 08:38:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job [2013.10.02 08:35:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.02 08:35:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.02 08:25:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.02 08:25:11 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys [2013.09.24 21:38:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job [2013.09.19 19:09:31 | 001,553,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.09.19 19:09:31 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.09.19 19:09:31 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.09.19 19:09:31 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.09.19 19:09:31 | 000,090,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.09.16 18:01:58 | 004,930,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.09.04 12:59:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.09.04 12:59:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.09.04 12:59:03 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.01 20:19:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2013.03.01 18:24:59 | 001,530,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.30 17:43:31 | 000,000,017 | ---- | C] () -- C:\Users\Kuno\AppData\Local\resmon.resmoncfg [2012.01.07 16:05:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.21 18:33:49 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.21 18:33:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.08 02:55:57 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.12.08 02:55:57 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.12.08 02:52:19 | 000,042,370 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.12.08 02:51:36 | 000,033,165 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.01 14:39:50 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\.minecraft [2013.10.02 08:25:38 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\.oit [2012.06.01 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Aeria Games & Entertainment [2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Anbar [2013.08.30 13:43:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Atre [2012.08.30 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Audacity [2013.03.01 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Autodesk [2013.09.03 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Baahuv [2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Bihad [2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Biuk [2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Cesagi [2011.12.29 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Cowe [2011.12.26 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\DAEMON Tools Lite [2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Dees [2012.12.29 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\DeviceVm [2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Dywui [2013.09.15 13:35:44 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ehfuxi [2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Epupuf [2013.09.10 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Fuegi [2013.08.28 13:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Hiigit [2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ibhyz [2013.09.03 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ikry [2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ituf [2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ixdoh [2013.10.02 08:29:16 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Kamey [2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Kuagze [2012.02.10 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LaunchPad [2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Lina [2011.12.17 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LolClient [2012.05.24 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LolClient2 [2013.09.10 17:14:19 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Meyc [2013.09.15 11:56:45 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Nane [2013.07.19 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\NewSoft [2013.09.10 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Nycymi [2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Okivn [2012.01.25 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\OpenOffice.org [2013.03.01 12:53:51 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Opera [2013.08.27 20:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Oqgi [2012.08.25 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Origin [2013.09.15 12:11:31 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ovwuvy [2013.08.30 13:43:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Qewe [2013.09.03 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Qikok [2013.08.28 13:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ryuhr [2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Selas [2012.07.09 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\six-zsync [2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Soxer [2013.08.28 13:08:14 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Tagi [2012.02.07 14:28:57 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\TeamViewer [2012.12.29 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\TS3Client [2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Usbi [2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Uwgei [2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Vuwo [2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Vyegvu [2013.08.27 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Waucu [2012.02.08 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\X-Chat 2 [2013.08.27 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Xuomav [2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ykexnu [2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Yknoho [2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Yqidu [2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ywash [2013.09.15 11:56:45 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Zasig [2013.09.10 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Zuki ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.12.08 02:47:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.12.08 02:46:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.15 22:20:00 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.01.09 14:59:31 | 000,000,000 | -HSD | M] -- C:\found.001 [2012.01.13 15:00:24 | 000,000,000 | -HSD | M] -- C:\found.002 [2012.03.10 16:03:12 | 000,000,000 | -HSD | M] -- C:\found.003 [2012.07.17 14:33:44 | 000,000,000 | -HSD | M] -- C:\found.004 [2012.12.31 13:07:54 | 000,000,000 | ---D | M] -- C:\Games [2011.12.08 03:10:33 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.01 20:17:01 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.22 11:05:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.07.22 11:04:26 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.12.08 02:46:56 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.31 12:31:40 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.10.02 08:58:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.08 03:11:42 | 000,000,000 | R--D | M] -- C:\Users [2013.07.22 10:43:27 | 000,000,000 | ---D | M] -- C:\Windows [2012.12.31 13:09:17 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.02 16:36:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.10.06 19:48:23 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job [2012.10.06 19:48:24 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] () MD5=F7D5FF3A6429ABDD5C0199698D9DE033 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.10.02 09:14:03 | 002,621,440 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat [2013.10.02 09:14:03 | 000,262,144 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat.LOG1 [2011.12.08 02:47:08 | 000,000,000 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat.LOG2 [2011.12.08 02:59:36 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.12.08 02:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.12.08 02:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.12.22 12:05:33 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TM.blf [2011.12.22 12:05:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2011.12.22 12:05:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2012.12.29 14:37:50 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TM.blf [2012.12.29 14:37:50 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2012.12.29 14:37:50 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2011.12.22 11:58:45 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TM.blf [2011.12.22 11:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2011.12.22 11:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2011.12.22 12:01:17 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TM.blf [2011.12.22 12:01:17 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2011.12.22 12:01:17 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2011.12.22 12:08:47 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TM.blf [2011.12.22 12:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2011.12.22 12:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2013.05.26 20:54:00 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TM.blf [2013.05.26 20:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2013.05.26 20:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2012.12.29 14:45:02 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TM.blf [2012.12.29 14:45:02 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms [2012.12.29 14:45:02 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms [2011.12.08 02:47:08 | 000,000,020 | -HS- | M] () -- C:\Users\Kuno\ntuser.ini [2013.07.23 14:28:57 | 000,000,000 | ---- | M] () -- C:\Users\Kuno\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > im Anhang ist die Extras.Txt Danke für euer Bemühen im Vorraus Geändert von Chuckim (02.10.2013 um 08:47 Uhr) |
|
02.10.2013, 08:55
| #2 |
| /// TB-Ausbilder   | Oracle America Inc. (jucheck.exe) Hallo,
__________________und das ist nicht dein Java, das sich updaten will..? Denn das ist gewaltig alt.. Wohl auch aus diesem Grund läuft einiges an Malware bei dir. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
02.10.2013, 09:25
| #3 |
| | Oracle America Inc. (jucheck.exe) als erstes ein großes Danke für die schnelle Antwort.
__________________FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Kuno (administrator) on U-TOWER on 02-10-2013 10:15:45
Running from C:\Users\Kuno\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Akamai Technologies, Inc.) C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Akamai Technologies, Inc.) C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Official site, includes a presentation, a blog, a newsletter and information on devices) C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-06] (Google Inc.)
HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKCU\...\Run: [homkido] - rundll32 ",homkido
HKCU\...\Run: [Poeqp] - C:\Users\Kuno\AppData\Roaming\Waucu\qiux.exe [286513 2013-08-15] ()
HKCU\...\Run: [Kikas] - C:\Users\Kuno\AppData\Roaming\Atre\wado.exe [354304 2013-07-16] (SoftVector Solutions )
HKCU\...\Run: [Faduhudiex] - C:\Users\Kuno\AppData\Roaming\Baahuv\haeb.exe [318108 2012-10-17] ( )
HKCU\...\Run: [Quyse] - C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe [298673 2013-01-18] (Official site, includes a presentation, a blog, a newsletter and information on devices)
HKCU\...\Policies\Explorer: []
MountPoints2: {6eeb004f-2f9b-11e1-ad02-14dae92ea81a} - K:\AUTOSTARTER.EXE
MountPoints2: {6eeb005f-2f9b-11e1-ad02-14dae92ea81a} - L:\AUTOSTARTER.EXE
MountPoints2: {d5f30bc6-4753-11e1-ab67-14dae92ea81a} - M:\LaunchU3.exe -a
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb178?a=6OyLvwzsva&i=26
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLvwzsva&i=26
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLvwzsva&i=26
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Adblock Plus) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0
CHR Extension: (Google Search) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (Gmail) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-04] ()
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-12-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-02] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-12-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Kuno\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dump_wmimmc; \??\D:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va007; \??\C:\Users\Kuno\AppData\Local\Temp\0077779.tmp [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Downloads\FRST64.exe
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Vuwo
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Selas
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Dees
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Yknoho
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Vyegvu
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Usbi
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Lina
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ituf
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Anbar
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ywash
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Cowe
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Cesagi
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Okivn
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ixdoh
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ibhyz
2013-09-15 14:39 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-15 14:39 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-15 14:39 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-15 11:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-15 11:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-15 11:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 11:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-15 11:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 11:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-15 11:56 - 2013-10-02 08:29 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nane
2013-09-10 17:14 - 2013-09-15 12:11 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-10 17:14 - 2013-09-10 17:55 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nycymi
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nosepo
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Fuegi
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Uwgei
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kuagze
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Dywui
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Yqidu
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Epupuf
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Biuk
2013-09-03 21:56 - 2013-09-15 13:35 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Baahuv
==================== One Month Modified Files and Folders =======
2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Downloads\FRST64.exe
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:49 - 2012-07-02 16:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 09:38 - 2012-10-06 19:48 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
2013-10-02 09:31 - 2011-12-07 02:41 - 01344090 _____ C:\Windows\WindowsUpdate.log
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-10-02 08:35 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 08:35 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 08:29 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-10-02 08:28 - 2011-12-09 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Local\CrashDumps
2013-10-02 08:25 - 2013-07-19 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\.oit
2013-10-02 08:25 - 2011-12-08 03:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-02 08:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 08:25 - 2009-07-14 06:51 - 00063020 _____ C:\Windows\setupact.log
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Vuwo
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Selas
2013-09-28 06:38 - 2013-09-28 06:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Dees
2013-09-24 21:38 - 2012-10-06 19:48 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
2013-09-23 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Yknoho
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Vyegvu
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Usbi
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Lina
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ituf
2013-09-22 17:39 - 2013-09-22 17:39 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Anbar
2013-09-19 19:09 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-19 19:09 - 2009-07-14 19:58 - 00090258 _____ C:\Windows\system32\perfc007.dat
2013-09-19 19:09 - 2009-07-14 07:13 - 01553992 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ywash
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Cowe
2013-09-19 16:16 - 2013-09-19 16:16 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Cesagi
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Okivn
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ixdoh
2013-09-18 14:21 - 2013-09-18 14:21 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ibhyz
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 18:01 - 2009-07-14 06:45 - 04930992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 14:39 - 2013-08-14 15:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-15 14:38 - 2011-12-20 20:29 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-15 13:35 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-15 12:49 - 2012-07-02 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 12:49 - 2012-07-02 16:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 12:49 - 2011-12-08 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 12:11 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nane
2013-09-10 17:55 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nycymi
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Nosepo
2013-09-10 16:13 - 2013-09-10 16:13 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Fuegi
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Uwgei
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kuagze
2013-09-08 11:01 - 2013-09-08 11:01 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Dywui
2013-09-04 12:59 - 2013-06-03 21:11 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Yqidu
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Epupuf
2013-09-03 21:58 - 2013-09-03 21:58 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Biuk
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Baahuv
2013-09-03 21:56 - 2013-08-30 13:43 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ikry
Some content of TEMP:
====================
C:\Users\Kuno\AppData\Local\Temp\2dftrh6y5et4wef.exe
C:\Users\Kuno\AppData\Local\Temp\AcDeltree.exe
C:\Users\Kuno\AppData\Local\Temp\AskSLib.dll
C:\Users\Kuno\AppData\Local\Temp\CheatEngine62Clean.exe
C:\Users\Kuno\AppData\Local\Temp\contentDATs.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe-5.exe
C:\Users\Kuno\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Kuno\AppData\Local\Temp\guninst.exe
C:\Users\Kuno\AppData\Local\Temp\i4jdel0.exe
C:\Users\Kuno\AppData\Local\Temp\IminentSetup.exe
C:\Users\Kuno\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Kuno\AppData\Local\Temp\installerdll385135.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5104165.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5248357.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5262834.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5546022.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5547972.dll
C:\Users\Kuno\AppData\Local\Temp\installerdll5555897.dll
C:\Users\Kuno\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Kuno\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Kuno\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kuno\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kuno\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Kuno\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Kuno\AppData\Local\Temp\nvStInst.exe
C:\Users\Kuno\AppData\Local\Temp\OriginLauncher5546022.exe
C:\Users\Kuno\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Kuno\AppData\Local\Temp\rootsupd.exe
C:\Users\Kuno\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Kuno\AppData\Local\Temp\Setup.exe
C:\Users\Kuno\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kuno\AppData\Local\Temp\sonarinst.exe
C:\Users\Kuno\AppData\Local\Temp\su-setup.exe
C:\Users\Kuno\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Kuno\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Kuno\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Kuno\AppData\Local\Temp\Vid-Saver-rs.exe
C:\Users\Kuno\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Kuno\AppData\Local\Temp\_is196.exe
C:\Users\Kuno\AppData\Local\Temp\_isAEA6.exe
C:\Users\Kuno\AppData\Local\Temp\_isDFB4.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-23 11:09
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Kuno at 2013-10-02 10:18:38
Running from C:\Users\Kuno\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Akamai NetSession Interface (HKCU)
Anleitung für Epson Connect (x32)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0)
ASUS nVidia Driver (x32 Version: 1.00.0000)
ATI Catalyst Install Manager (Version: 3.0.762.0)
AutoCAD 2013 - Deutsch (German) (Version: 19.0.55.0)
AutoCAD 2013 Language Pack - Deutsch (German) (Version: 19.0.55.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion Plugin for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Client (x32)
CPUID CPU-Z 1.59
Epson Benutzerhandbuch WF-2540 Series (x32)
Epson Easy Photo Print 2 (x32 Version: 2.4.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Netzwerkhandbuch WF-2540 Series (x32)
EPSON Scan (x32)
EPSON WF-2540 Series Printer Uninstall
EW : Cossacks (x32)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
Google Chrome (HKCU Version: 29.0.1547.76)
Java Auto Updater (x32 Version: 2.1.6.0)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Java(TM) 7 Update 4 (x32 Version: 7.0.40)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
NVIDIA 3D Vision Controller Driver (x32 Version: 267.67)
NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.16 (x32 Version: 12.16.1860)
Platform (x32 Version: 1.34)
Presto! PageManager 9.03 SE (x32 Version: 9.03.06)
Software Updater (x32 Version: 4.1.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
VLC media player 1.1.11 (x32 Version: 1.1.11)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
==================== Restore Points =========================
25-08-2013 11:05:07 Geplanter Prüfpunkt
15-09-2013 12:28:46 Windows Update
23-09-2013 09:16:45 Geplanter Prüfpunkt
02-10-2013 06:58:51 OTL Restore Point - 02.10.2013 08:58:51
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {46C93E53-5DCD-4F70-9C5C-B278384B998C} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
Task: {65C17F68-7ECB-4439-9941-AEC7E3150AF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA => C:\Users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)
Task: {7D75C38C-6746-4739-BE20-61A8BF97B7FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core => C:\Users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)
Task: {8430A7C5-E4CF-45AA-9974-BCBEB5D9D23D} - System32\Tasks\Core Temp Autostart Kuno => C:\Users\Kuno\AppData\Local\Temp\Rar$EX26.600\Core Temp.exe
Task: {87A89C51-A4DE-411D-B8F1-9D9B0972310F} - System32\Tasks\User_Feed_Synchronization-{3915E791-2316-457B-A6C9-5680B426C3C8} => C:\Windows\system32\msfeedssync.exe [2013-05-11] (Microsoft Corporation)
Task: {C092AAB1-226C-4B2B-BA35-ECD7F5ECBBC7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated)
Task: {CBA720F3-0E1C-435E-85AB-03C51B497F8C} - System32\Tasks\{A861EB09-699B-413C-AA48-D4F137969D59} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job => C:\Users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job => C:\Users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-12-11 21:09 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-08 02:54 - 2010-12-17 14:25 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-12-08 02:54 - 2010-12-17 14:25 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-12-08 02:54 - 2010-12-17 14:25 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-12-08 02:54 - 2010-12-17 14:25 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-06-02 11:35 - 2013-06-02 10:38 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-07-19 22:59 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-07-19 22:59 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-07-19 23:00 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2013-07-19 22:59 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2013-07-19 22:59 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2013-07-19 23:00 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2013-07-19 22:59 - 2010-12-20 16:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
2013-07-19 22:59 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2013-07-19 22:59 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2013-07-19 22:59 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2013-07-19 22:59 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2013-07-19 22:59 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2013-07-19 22:59 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2013-07-19 22:59 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2013-07-19 22:59 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2013-07-19 22:59 - 2007-12-20 14:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll
2013-07-19 22:59 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2013-07-19 22:59 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2013-07-19 22:59 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2013-07-19 22:59 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2013-07-19 22:59 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2013-07-19 23:00 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2013-07-19 22:59 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2013-07-19 22:59 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2013-07-19 22:59 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2013-07-19 22:59 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2013-07-19 22:59 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2013-07-19 22:59 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2013-07-19 22:59 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2013-07-19 23:00 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2013-07-19 22:59 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2013-07-19 22:59 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2013-07-19 22:59 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2013-07-19 22:59 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2013-07-19 22:59 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2013-07-19 22:59 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2013-07-19 22:59 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2013-09-15 12:49 - 2013-09-15 12:49 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/02/2013 08:58:51 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {a584a022-2ffe-43a9-b7d0-d1821c5f3577}
Error: (10/02/2013 08:36:26 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde nicht erfolgreich abgeschlossen, da eine Schattenkopie nicht erstellt werden konnte. Löschen Sie auf dem zu sichernden Laufwerk nicht benötigte Dateien, um Speicherplatz freizugeben, und wiederholen Sie den Vorgang.
Error: (10/02/2013 08:36:26 AM) (Source: SPP) (User: )
Description: Fehler beim Erstellen von Schattenkopien, da ASR Writer einen Fehler gemeldet hat.
Weitere Informationen: Falscher Parameter. (0x80070057).
Error: (10/02/2013 08:36:25 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Check OnIdentifyError" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.
Vorgang:
PrepareForBackup-Ereignis
Kontext:
Ausführungskontext: ASR Writer
Ausführungskontext: Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Fehlerspezifische
Details:
ASR Writer: Falscher Parameter. (0x80070057)
Error: (10/02/2013 08:36:18 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Error: (10/02/2013 08:36:02 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Error: (10/02/2013 08:28:16 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: qiux.exe, Version: 1.0.0.0, Zeitstempel: 0x509c0407
Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x730b2505
ID des fehlerhaften Prozesses: 0x9d4
Startzeit der fehlerhaften Anwendung: 0xqiux.exe0
Pfad der fehlerhaften Anwendung: qiux.exe1
Pfad des fehlerhaften Moduls: qiux.exe2
Berichtskennung: qiux.exe3
Error: (10/02/2013 08:28:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: haeb.exe, Version: 1.0.0.1, Zeitstempel: 0x509c048f
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000453a4
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xhaeb.exe0
Pfad der fehlerhaften Anwendung: haeb.exe1
Pfad des fehlerhaften Moduls: haeb.exe2
Berichtskennung: haeb.exe3
Error: (10/02/2013 08:26:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xf84
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/28/2013 06:38:27 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xb90
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
System errors:
=============
Error: (10/02/2013 08:29:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/02/2013 08:29:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/02/2013 08:26:57 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/02/2013 08:26:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/02/2013 08:26:37 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (09/28/2013 10:03:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/28/2013 10:03:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/28/2013 06:41:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/28/2013 06:41:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (09/28/2013 06:39:32 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Avira Echtzeit-Scanner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Microsoft Office Sessions:
=========================
Error: (10/02/2013 08:58:51 AM) (Source: VSS)(User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {a584a022-2ffe-43a9-b7d0-d1821c5f3577}
Error: (10/02/2013 08:36:26 AM) (Source: Windows Backup)(User: )
Description: Es konnte keine Schattenkopie erstellt werden. Weitere Informationen finden Sie in den Anwendungsereignisprotokollen "VSS" und "SPP". (0x81000019)
Error: (10/02/2013 08:36:26 AM) (Source: SPP)(User: )
Description: ASR WriterFalscher Parameter. (0x80070057)
Error: (10/02/2013 08:36:25 AM) (Source: VSS)(User: )
Description: Check OnIdentifyError0x80070057, Falscher Parameter.
Vorgang:
PrepareForBackup-Ereignis
Kontext:
Ausführungskontext: ASR Writer
Ausführungskontext: Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Fehlerspezifische
Details:
ASR Writer: Falscher Parameter. (0x80070057)
Error: (10/02/2013 08:36:18 AM) (Source: VSS)(User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Error: (10/02/2013 08:36:02 AM) (Source: VSS)(User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: ASR Writer
Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Generatorname: ASR Writer
Generatorinstanz-ID: {b1625271-b6f3-4c8b-a30f-5e287ad39998}
Error: (10/02/2013 08:28:16 AM) (Source: Application Error)(User: )
Description: qiux.exe1.0.0.0509c0407netprofm.dll_unloaded0.0.0.04a5bda75c0000005730b25059d401cebf3836de8184C:\Users\Kuno\AppData\Roaming\Waucu\qiux.exenetprofm.dlld1bd8caa-2b2b-11e3-a8e7-14dae92ea81a
Error: (10/02/2013 08:28:00 AM) (Source: Application Error)(User: )
Description: haeb.exe1.0.0.1509c048fole32.dll6.1.7601.175144ce7b96fc0000005000453a48a001cebf3833391801C:\Users\Kuno\AppData\Roaming\Baahuv\haeb.exeC:\Windows\syswow64\ole32.dllc82761f2-2b2b-11e3-a8e7-14dae92ea81a
Error: (10/02/2013 08:26:26 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487f8401cebf38482ec3beC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe90077008-2b2b-11e3-a8e7-14dae92ea81a
Error: (09/28/2013 06:38:27 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487b9001cebc0486a5c63dC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exed0f8c588-27f7-11e3-9435-14dae92ea81a
CodeIntegrity Errors:
===================================
Date: 2011-12-08 17:54:07.243
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Rt64win7.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-08 17:54:07.243
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Rt64win7.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-08 17:54:06.463
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nvlddmkm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-12-08 17:54:06.307
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\nvlddmkm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8174.12 MB
Available physical RAM: 6046.41 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 14098.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Festplatte) (Fixed) (Total:97.56 GB) (Free:42.16 GB) NTFS
Drive d: (Festplatte) (Fixed) (Total:488.28 GB) (Free:481.77 GB) NTFS
Drive e: (Festplatte) (Fixed) (Total:345.57 GB) (Free:253.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3FF08319)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=346 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
02.10.2013, 09:52
| #4 |
| /// TB-Ausbilder | Oracle America Inc. (jucheck.exe) Hi, eine ansehnliche Malwaresammlung hast du dir zugelegt.. Unbedingt alle Passwörter etc. ändern, wenn wir hier fertig sind.  Warnung: InfostealerAus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
02.10.2013, 11:31
| #5 |
| | Oracle America Inc. (jucheck.exe) hmmm so schön ist diese Nachricht ja nicht. baer nun... es klappte soweit alles ganz gut. Bei Combofix hab ich zuvor nicht mein Antivir Desktop deaktivieren können (den Echtzeit Scanner aber konnte ich deaktivieren). Darauf bezogen kam eine Meldung, dass das evtl. Schwierigkeiten bereiten könnte, was es aber nicht hat. Das Programm lief phne Srörungen durch. AdwCleaner Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 02/10/2013 um 11:19:15
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Kuno - U-TOWER
# Gestartet von : C:\Users\Kuno\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\Users\Kuno\AppData\Roaming\DeviceVM
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unknown-devices_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unknown-devices_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
-\\ Google Chrome v
[ Datei : C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3333 octets] - [02/10/2013 11:16:01]
AdwCleaner[S0].txt - [2873 octets] - [02/10/2013 11:19:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2933 octets] ##########
Code:
ATTFilter ComboFix 13-10-01.03 - Kuno 02.10.2013 11:51:03.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8174.6158 [GMT 2:00]
ausgeführt von:: c:\users\Kuno\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kuno\AppData\Local\assembly\tmp
c:\users\Kuno\AppData\Roaming\Anbar
c:\users\Kuno\AppData\Roaming\Anbar\wibi.mao
c:\users\Kuno\AppData\Roaming\Atre
c:\users\Kuno\AppData\Roaming\Atre\wado.exe
c:\users\Kuno\AppData\Roaming\Baahuv
c:\users\Kuno\AppData\Roaming\Baahuv\haeb.exe
c:\users\Kuno\AppData\Roaming\Bihad
c:\users\Kuno\AppData\Roaming\Bihad\keuru.wei
c:\users\Kuno\AppData\Roaming\Biuk
c:\users\Kuno\AppData\Roaming\Biuk\ocido.bax
c:\users\Kuno\AppData\Roaming\Cesagi
c:\users\Kuno\AppData\Roaming\Cesagi\couqh.exe
c:\users\Kuno\AppData\Roaming\Cowe
c:\users\Kuno\AppData\Roaming\Cowe\piki.moe
c:\users\Kuno\AppData\Roaming\Dees
c:\users\Kuno\AppData\Roaming\Dees\aftoc.kau
c:\users\Kuno\AppData\Roaming\Dywui
c:\users\Kuno\AppData\Roaming\Dywui\teax.tyy
c:\users\Kuno\AppData\Roaming\Epupuf
c:\users\Kuno\AppData\Roaming\Epupuf\avewl.exe
c:\users\Kuno\AppData\Roaming\Fuegi
c:\users\Kuno\AppData\Roaming\Fuegi\aqdun.iti
c:\users\Kuno\AppData\Roaming\Hiigit
c:\users\Kuno\AppData\Roaming\Hiigit\olwao.exe
c:\users\Kuno\AppData\Roaming\Ibhyz
c:\users\Kuno\AppData\Roaming\Ibhyz\maxi.von
c:\users\Kuno\AppData\Roaming\Ituf
c:\users\Kuno\AppData\Roaming\Ituf\civi.leo
c:\users\Kuno\AppData\Roaming\Ixdoh
c:\users\Kuno\AppData\Roaming\Ixdoh\umza.exe
c:\users\Kuno\AppData\Roaming\Kuagze
c:\users\Kuno\AppData\Roaming\Kuagze\wyreu.exe
c:\users\Kuno\AppData\Roaming\Lina
c:\users\Kuno\AppData\Roaming\Lina\unty.xae
c:\users\Kuno\AppData\Roaming\Nane
c:\users\Kuno\AppData\Roaming\Nane\tiubu.exe
c:\users\Kuno\AppData\Roaming\Nosepo
c:\users\Kuno\AppData\Roaming\Nosepo\udgy.exe
c:\users\Kuno\AppData\Roaming\Nycymi
c:\users\Kuno\AppData\Roaming\Nycymi\ybork.pas
c:\users\Kuno\AppData\Roaming\Okivn
c:\users\Kuno\AppData\Roaming\Okivn\ehbew.ere
c:\users\Kuno\AppData\Roaming\Ryuhr
c:\users\Kuno\AppData\Roaming\Ryuhr\dozeb.yla
c:\users\Kuno\AppData\Roaming\Selas
c:\users\Kuno\AppData\Roaming\Selas\tiib.azz
c:\users\Kuno\AppData\Roaming\Soxer
c:\users\Kuno\AppData\Roaming\Soxer\huyf.osb
c:\users\Kuno\AppData\Roaming\Tagi
c:\users\Kuno\AppData\Roaming\Tagi\zuafk.ivd
c:\users\Kuno\AppData\Roaming\Usbi
c:\users\Kuno\AppData\Roaming\Usbi\laane.exe
c:\users\Kuno\AppData\Roaming\Uwgei
c:\users\Kuno\AppData\Roaming\Uwgei\uduc.ebz
c:\users\Kuno\AppData\Roaming\Vuwo
c:\users\Kuno\AppData\Roaming\Vuwo\hapiz.exe
c:\users\Kuno\AppData\Roaming\Vyegvu
c:\users\Kuno\AppData\Roaming\Vyegvu\olta.vua
c:\users\Kuno\AppData\Roaming\Waucu
c:\users\Kuno\AppData\Roaming\Waucu\qiux.exe
c:\users\Kuno\AppData\Roaming\Ykexnu
c:\users\Kuno\AppData\Roaming\Ykexnu\inky.exe
c:\users\Kuno\AppData\Roaming\Yknoho
c:\users\Kuno\AppData\Roaming\Yknoho\kecoe.exe
c:\users\Kuno\AppData\Roaming\Yqidu
c:\users\Kuno\AppData\Roaming\Yqidu\ipwyo.zah
c:\users\Kuno\AppData\Roaming\Ywash
c:\users\Kuno\AppData\Roaming\Ywash\bapat.opk
c:\windows\kernel32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-02 bis 2013-10-02 ))))))))))))))))))))))))))))))
.
.
2013-10-02 10:21 . 2013-10-02 10:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-02 10:21 . 2013-10-02 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-02 09:14 . 2013-10-02 09:27 -------- d-----w- C:\AdwCleaner
2013-10-02 08:15 . 2013-10-02 08:15 -------- d-----w- C:\FRST
2013-09-15 09:59 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-15 09:56 . 2013-10-02 09:38 -------- d-----w- c:\users\Kuno\AppData\Roaming\Kamey
2013-09-15 09:56 . 2013-09-15 09:56 -------- d-----w- c:\users\Kuno\AppData\Roaming\Zasig
2013-09-10 15:14 . 2013-09-15 10:11 -------- d-----w- c:\users\Kuno\AppData\Roaming\Ovwuvy
2013-09-10 15:14 . 2013-09-10 15:55 -------- d-----w- c:\users\Kuno\AppData\Roaming\Zuki
2013-09-10 15:14 . 2013-09-10 15:14 -------- d-----w- c:\users\Kuno\AppData\Roaming\Meyc
2013-09-03 19:56 . 2013-09-15 11:35 -------- d-----w- c:\users\Kuno\AppData\Roaming\Ehfuxi
2013-09-03 19:56 . 2013-09-03 19:56 -------- d-----w- c:\users\Kuno\AppData\Roaming\Qikok
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 12:38 . 2011-12-20 18:29 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-15 10:49 . 2012-07-02 14:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 10:49 . 2011-12-08 20:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-04 10:59 . 2013-06-03 19:11 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-04 10:59 . 2013-06-02 09:35 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-04 10:59 . 2013-06-02 09:35 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-02 01:48 . 2013-09-15 09:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 12:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 12:25 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 12:25 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 12:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 12:27 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 12:25 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 12:27 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 12:27 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 12:27 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 12:25 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 12:27 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 12:27 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 12:27 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 12:27 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 12:25 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Kuno\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Kuno\AppData\Local\Temp\ALSysIO64.sys;c:\users\Kuno\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;d:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys;d:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 X6va007;X6va007;c:\users\Kuno\AppData\Local\Temp\0077779.tmp;c:\users\Kuno\AppData\Local\Temp\0077779.tmp [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 10:49]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
- c:\users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 17:48]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
- c:\users\Kuno\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-06 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-homkido - (no file)
Wow6432Node-HKCU-Run-Poeqp - c:\users\Kuno\AppData\Roaming\Waucu\qiux.exe
Wow6432Node-HKCU-Run-Kikas - c:\users\Kuno\AppData\Roaming\Atre\wado.exe
Wow6432Node-HKCU-Run-Faduhudiex - c:\users\Kuno\AppData\Roaming\Baahuv\haeb.exe
Wow6432Node-HKCU-Run-Quyse - c:\users\Kuno\AppData\Roaming\Nane\tiubu.exe
AddRemove-InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Kuno\AppData\Local\Temp\0077779.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-02 12:24:27
ComboFix-quarantined-files.txt 2013-10-02 10:24
.
Vor Suchlauf: 11 Verzeichnis(se), 44.996.218.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 48.007.323.648 Bytes frei
.
- - End Of File - - 72992B8516DA9DDB64B6B47BB835761B
A36C5E4F47E84449FF07ED3517B43A31
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Kuno (administrator) on U-TOWER on 02-10-2013 12:25:29
Running from C:\Users\Kuno\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Adblock Plus) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0
CHR Extension: (Google Search) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (Gmail) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-04] ()
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-12-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-02] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-12-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Kuno\AppData\Local\Temp\ALSysIO64.sys [x]
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\D:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va007; \??\C:\Users\Kuno\AppData\Local\Temp\0077779.tmp [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt
2013-10-02 11:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 11:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 11:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 11:39 - 2013-10-02 12:24 - 00000000 ____D C:\Qoobox
2013-10-02 11:39 - 2013-10-02 12:22 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe
2013-10-02 11:14 - 2013-10-02 11:27 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe
2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt
2013-10-02 10:18 - 2013-10-02 10:19 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt
2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Downloads\FRST64.exe
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-09-15 14:39 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-15 14:39 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-15 14:39 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-15 11:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-15 11:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-15 11:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 11:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-15 11:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 11:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-15 11:56 - 2013-10-02 11:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-10 17:14 - 2013-09-15 12:11 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-10 17:14 - 2013-09-10 17:55 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-03 21:56 - 2013-09-15 13:35 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
==================== One Month Modified Files and Folders =======
2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt
2013-10-02 12:24 - 2013-10-02 11:39 - 00000000 ____D C:\Qoobox
2013-10-02 12:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-02 12:22 - 2013-10-02 11:39 - 00000000 ____D C:\Windows\erdnt
2013-10-02 12:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 11:49 - 2012-07-02 16:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 11:49 - 2011-12-07 02:41 - 01357353 _____ C:\Windows\WindowsUpdate.log
2013-10-02 11:38 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-10-02 11:38 - 2012-10-06 19:48 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe
2013-10-02 11:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 11:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 11:27 - 2013-10-02 11:14 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:20 - 2013-07-19 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\.oit
2013-10-02 11:20 - 2011-12-08 03:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-02 11:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 11:20 - 2009-07-14 06:51 - 00063076 _____ C:\Windows\setupact.log
2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe
2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt
2013-10-02 10:19 - 2013-10-02 10:18 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt
2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Downloads\FRST64.exe
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-10-02 08:28 - 2011-12-09 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Local\CrashDumps
2013-09-24 21:38 - 2012-10-06 19:48 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
2013-09-23 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:09 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-19 19:09 - 2009-07-14 19:58 - 00090258 _____ C:\Windows\system32\perfc007.dat
2013-09-19 19:09 - 2009-07-14 07:13 - 01553992 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 18:01 - 2009-07-14 06:45 - 04930992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 14:39 - 2013-08-14 15:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-15 14:38 - 2011-12-20 20:29 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-15 13:35 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-15 12:49 - 2012-07-02 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 12:49 - 2012-07-02 16:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 12:49 - 2011-12-08 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 12:11 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-10 17:55 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-04 12:59 - 2013-06-03 21:11 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
2013-09-03 21:56 - 2013-08-30 13:43 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ikry
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-23 11:09
==================== End Of Log ============================
--- --- --- nochmal Danke für die Mühe |
|
02.10.2013, 11:40
| #6 |
| /// TB-Ausbilder | Oracle America Inc. (jucheck.exe) Schon besser. Dann so weiter: Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter 2013-09-15 11:56 - 2013-10-02 11:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-10 17:14 - 2013-09-15 12:11 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-10 17:14 - 2013-09-10 17:55 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-03 21:56 - 2013-09-15 13:35 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
2013-09-03 21:56 - 2013-08-30 13:43 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ikry
CMD: dir /a/b C:\Users\Kuno\AppData\Roaming
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
__________________ --> Oracle America Inc. (jucheck.exe) |
|
03.10.2013, 09:08
| #7 |
| | Oracle America Inc. (jucheck.exe) Schritt 1 ohne Problem Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Kuno at 2013-10-03 00:29:22 Run:1
Running from C:\Users\Kuno\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
2013-09-15 11:56 - 2013-10-02 11:38 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Kamey
2013-09-15 11:56 - 2013-09-15 11:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zasig
2013-09-10 17:14 - 2013-09-15 12:11 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ovwuvy
2013-09-10 17:14 - 2013-09-10 17:55 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Zuki
2013-09-10 17:14 - 2013-09-10 17:14 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Meyc
2013-09-03 21:56 - 2013-09-15 13:35 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ehfuxi
2013-09-03 21:56 - 2013-09-03 21:56 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Qikok
2013-09-03 21:56 - 2013-08-30 13:43 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Ikry
CMD: dir /a/b C:\Users\Kuno\AppData\Roaming
*****************
C:\Users\Kuno\AppData\Roaming\Kamey => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Zasig => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Ovwuvy => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Zuki => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Meyc => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Ehfuxi => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Qikok => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Ikry => Moved successfully.
========= dir /a/b C:\Users\Kuno\AppData\Roaming =========
.minecraft
.oit
Adobe
Aeria Games & Entertainment
Audacity
Autodesk
Avira
com.adobe.downloadassistant.AdobeDownloadAssistant
DAEMON Tools Lite
Identities
InstallShield
LaunchPad
LolClient
LolClient2
Macromedia
Media Center Programs
Microsoft
Mozilla
NewSoft
NVIDIA
OpenOffice.org
Opera
Oqgi
Origin
Qewe
six-zsync
Skype
TeamViewer
TS3Client
vlc
WinRAR
X-Chat 2
Xuomav
========= End of CMD: =========
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.02.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Kuno :: U-TOWER [Administrator] 03.10.2013 00:36:47 mbam-log-2013-10-03 (00-36-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228840 Laufzeit: 3 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\npggsvc (Trojan.Agent.FSA76) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\GameMon.des (Trojan.Agent.FSA76) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Eset Online Scanner Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8afef2d34f7e2241adb1009e14f20898
# engine=15338
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-03 12:33:29
# local_time=2013-10-03 02:33:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 65236 10598608 0 0
# compatibility_mode=5893 16776574 100 94 6888243 132390259 0 0
# scanned=179537
# found=15
# cleaned=0
# scan_time=5371
sh=627E2DEEA7C458EFF4E7A255CEA45ABF58C62E50 ft=1 fh=7da35bb3fb03268c vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Atre\wado.exe.vir"
sh=212F12292D0715F1E8A2ABF1A862A344117DAD7E ft=1 fh=fe1292e5d0e79255 vn="Win32/Injector.AMBD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Baahuv\haeb.exe.vir"
sh=9CBBCEDABFF5DDC48E82C43D4CFC99AFF4307D7E ft=1 fh=906e8764c571de94 vn="a variant of Win32/Injector.ANAR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Cesagi\couqh.exe.vir"
sh=182C11EDA5AE686DC1E7431DC4FCF8A809B66ED0 ft=1 fh=fe1292e5d0e79255 vn="Win32/Injector.AMBD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Epupuf\avewl.exe.vir"
sh=DC6404CB59AF96F3D48182DEC72A0ED965046875 ft=1 fh=18ea587938ed0ace vn="a variant of Win32/Injector.ALXK trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Hiigit\olwao.exe.vir"
sh=D7E1EB4EA4D8BFBE3B1B7AD4BC132A875AC85A83 ft=1 fh=bd18626e665d6c64 vn="a variant of Win32/Injector.ANIJ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Ixdoh\umza.exe.vir"
sh=D567EB23BE1AE42EE97022D5FF3F715A0D21DF1A ft=1 fh=3aae2e89ec45b32f vn="a variant of Win32/Injector.AMPG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Kuagze\wyreu.exe.vir"
sh=B8559FA023A6550C201794A51DDE54E37D2BBD7F ft=1 fh=028c33a0d580f1e7 vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Nane\tiubu.exe.vir"
sh=35318DC712E844B84DBDDE09F547EFFB9BD9BDBA ft=1 fh=f5bbde2224a00cca vn="a variant of Win32/Injector.AMLA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Nosepo\udgy.exe.vir"
sh=3ED850D6690793AC5E6E9F2D74905FE5CD31CB0C ft=1 fh=6b7efcbe01f7e577 vn="a variant of Win32/Injector.ANDJ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Usbi\laane.exe.vir"
sh=7159B79DFC1174F8DE8CC04650733E6D26901926 ft=1 fh=b9d6cd8740e5e596 vn="a variant of Win32/Injector.ANIP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Vuwo\hapiz.exe.vir"
sh=D3AAB2C8FEF405E8DDD1031D88D61BE0CBCD8945 ft=1 fh=3edf7ac3607c9152 vn="a variant of Win32/Injector.ALXK trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Waucu\qiux.exe.vir"
sh=D84F2E720A21FC1009981164E206376ABAFC370E ft=1 fh=b51fc8160607d8e5 vn="a variant of Win32/Injector.ALXK trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Ykexnu\inky.exe.vir"
sh=FE5FFF7B33BF9F6565AADABF07F981375E1E1BD4 ft=1 fh=ed6624d20432ff7e vn="a variant of Win32/Injector.ANFM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Kuno\AppData\Roaming\Yknoho\kecoe.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Spy.Zbot.AAO trojan" ac=I fn="${Memory}"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 (ATTENTION: ====> FRST version is 6 days old and could be outdated) Ran by Kuno (administrator) on U-TOWER on 03-10-2013 10:05:26 Running from C:\Users\Kuno\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE () C:\Windows\SysWOW64\PnkBstrA.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKCU\...\Policies\Explorer: [] HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR RestoreOnStartup: "hxxp://www.google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll No File CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll No File CHR Plugin: (Norton Confidential) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (Google Update) - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (YouTube) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Adblock Plus) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0 CHR Extension: (Google Search) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0 CHR Extension: (Gmail) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-04] () S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-12-26] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-02] (Avira Operations GmbH & Co. KG) R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-12-26] () S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] () S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) S3 ALSysIO; \??\C:\Users\Kuno\AppData\Local\Temp\ALSysIO64.sys [x] U3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 dump_wmimmc; \??\D:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 X6va007; \??\C:\Users\Kuno\AppData\Local\Temp\0077779.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-03 00:58 - 2013-10-03 00:58 - 02347384 _____ (ESET) C:\Users\Kuno\Downloads\esetsmartinstaller_enu.exe 2013-10-03 00:53 - 2013-10-03 00:53 - 01684368 _____ (ESET) C:\Users\Kuno\Downloads\eset_nod32_antivirus_live_installer.exe 2013-10-03 00:34 - 2013-10-03 00:34 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Malwarebytes 2013-10-03 00:33 - 2013-10-03 00:33 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-03 00:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-03 00:30 - 2013-10-03 00:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kuno\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-02 12:26 - 2013-10-02 12:27 - 00034086 _____ C:\Users\Kuno\Downloads\FRST.txt 2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt 2013-10-02 11:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-02 11:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-02 11:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-02 11:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-02 11:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-02 11:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-02 11:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-02 11:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-02 11:39 - 2013-10-02 12:24 - 00000000 ____D C:\Qoobox 2013-10-02 11:39 - 2013-10-02 12:22 - 00000000 ____D C:\Windows\erdnt 2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe 2013-10-02 11:14 - 2013-10-02 11:27 - 00000000 ____D C:\AdwCleaner 2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe 2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt 2013-10-02 10:18 - 2013-10-02 10:19 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt 2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Desktop\FRST64.exe 2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST 2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt 2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt 2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe 2013-09-15 14:39 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-15 14:39 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-15 14:39 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-15 14:39 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-15 14:39 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-15 14:39 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-15 14:39 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-15 14:39 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-15 14:39 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-15 14:39 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-15 14:39 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-15 14:39 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-15 14:39 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-15 14:39 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-15 11:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-15 11:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-15 11:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-15 11:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-15 11:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-15 11:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-15 11:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-15 11:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-15 11:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-15 11:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-15 11:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-15 11:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-15 11:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-15 11:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-15 11:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-15 11:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-15 11:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-15 11:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-15 11:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-15 11:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-15 11:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-15 11:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-15 11:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-15 11:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-15 11:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-15 11:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-15 11:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-03 09:59 - 2012-10-06 19:48 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job 2013-10-03 09:58 - 2012-07-02 16:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-03 02:23 - 2011-12-07 02:41 - 01373785 _____ C:\Windows\WindowsUpdate.log 2013-10-03 00:58 - 2013-10-03 00:58 - 02347384 _____ (ESET) C:\Users\Kuno\Downloads\esetsmartinstaller_enu.exe 2013-10-03 00:53 - 2013-10-03 00:53 - 01684368 _____ (ESET) C:\Users\Kuno\Downloads\eset_nod32_antivirus_live_installer.exe 2013-10-03 00:34 - 2013-10-03 00:34 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Malwarebytes 2013-10-03 00:33 - 2013-10-03 00:33 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-03 00:32 - 2012-10-06 19:48 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job 2013-10-03 00:30 - 2013-10-03 00:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kuno\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-02 12:27 - 2013-10-02 12:26 - 00034086 _____ C:\Users\Kuno\Downloads\FRST.txt 2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt 2013-10-02 12:24 - 2013-10-02 11:39 - 00000000 ____D C:\Qoobox 2013-10-02 12:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-10-02 12:22 - 2013-10-02 11:39 - 00000000 ____D C:\Windows\erdnt 2013-10-02 12:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe 2013-10-02 11:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-02 11:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-02 11:27 - 2013-10-02 11:14 - 00000000 ____D C:\AdwCleaner 2013-10-02 11:20 - 2013-07-19 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\.oit 2013-10-02 11:20 - 2011-12-08 03:11 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-02 11:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-02 11:20 - 2009-07-14 06:51 - 00063076 _____ C:\Windows\setupact.log 2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe 2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt 2013-10-02 10:19 - 2013-10-02 10:18 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt 2013-10-02 10:15 - 2013-10-02 10:15 - 01953880 _____ (Farbar) C:\Users\Kuno\Desktop\FRST64.exe 2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST 2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt 2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt 2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe 2013-10-02 08:28 - 2011-12-09 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Local\CrashDumps 2013-09-23 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-19 19:09 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat 2013-09-19 19:09 - 2009-07-14 19:58 - 00090258 _____ C:\Windows\system32\perfc007.dat 2013-09-19 19:09 - 2009-07-14 07:13 - 01553992 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-16 18:01 - 2009-07-14 06:45 - 04930992 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-15 14:39 - 2013-08-14 15:18 - 00000000 ____D C:\Windows\system32\MRT 2013-09-15 14:38 - 2011-12-20 20:29 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-15 12:49 - 2012-07-02 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-15 12:49 - 2012-07-02 16:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-15 12:49 - 2011-12-08 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-04 12:59 - 2013-06-03 21:11 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 12:59 - 2013-06-02 11:35 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 12:59 - 2013-06-02 11:35 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-02 13:10 ==================== End Of Log ============================ Danke und dir einen schönen Feiertag |
|
03.10.2013, 16:20
| #8 |
| /// TB-Ausbilder | Oracle America Inc. (jucheck.exe) Hi, hast du zwischen dem Combofix-Lauf und dem ESET-Scan den Rechner mal neu gestartet gehabt oder war der durchgehend am Laufen? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Kuno\AppData\Roaming\Oqgi
C:\Users\Kuno\AppData\Roaming\Qewe
C:\Users\Kuno\AppData\Roaming\Xuomav
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Starte noch einmal FRST.
__________________ cheers, Leo |
|
03.10.2013, 23:56
| #9 |
| | Oracle America Inc. (jucheck.exe) wenn ich mich richtig erinner, startete ich den Computer nach ESET und nicht davor und nach Combofix. Schlimm? Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Kuno at 2013-10-04 00:52:00 Run:2
Running from C:\Users\Kuno\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Kuno\AppData\Roaming\Oqgi
C:\Users\Kuno\AppData\Roaming\Qewe
C:\Users\Kuno\AppData\Roaming\Xuomav
*****************
C:\Users\Kuno\AppData\Roaming\Oqgi => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Qewe => Moved successfully.
C:\Users\Kuno\AppData\Roaming\Xuomav => Moved successfully.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Kuno (administrator) on U-TOWER on 04-10-2013 00:54:21
Running from C:\Users\Kuno\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Akamai Technologies, Inc.) C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Akamai Technologies, Inc.) C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation)
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Adblock Plus) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0
CHR Extension: (Google Search) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (Gmail) - C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-04] ()
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-12-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-02] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-12-26] ()
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 ALSysIO; \??\C:\Users\Kuno\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\D:\wólfteam\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va007; \??\C:\Users\Kuno\AppData\Local\Temp\0077779.tmp [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 00:51 - 2013-10-04 00:51 - 01954124 _____ (Farbar) C:\Users\Kuno\Desktop\FRST64.exe
2013-10-04 00:22 - 2013-10-04 00:22 - 99176917 _____ C:\Windows\SysWOW64\즈뤔蹬S
2013-10-03 00:58 - 2013-10-03 00:58 - 02347384 _____ (ESET) C:\Users\Kuno\Downloads\esetsmartinstaller_enu.exe
2013-10-03 00:53 - 2013-10-03 00:53 - 01684368 _____ (ESET) C:\Users\Kuno\Downloads\eset_nod32_antivirus_live_installer.exe
2013-10-03 00:34 - 2013-10-03 00:34 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Malwarebytes
2013-10-03 00:33 - 2013-10-03 00:33 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 00:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 00:30 - 2013-10-03 00:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kuno\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 12:26 - 2013-10-02 12:27 - 00034086 _____ C:\Users\Kuno\Downloads\FRST.txt
2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt
2013-10-02 11:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 11:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 11:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 11:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 11:39 - 2013-10-02 12:24 - 00000000 ____D C:\Qoobox
2013-10-02 11:39 - 2013-10-02 12:22 - 00000000 ____D C:\Windows\erdnt
2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe
2013-10-02 11:14 - 2013-10-02 11:27 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe
2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt
2013-10-02 10:18 - 2013-10-02 10:19 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-09-15 14:39 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-15 14:39 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-15 14:39 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-15 14:39 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-15 14:39 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-15 14:39 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-15 14:39 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-15 14:39 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-15 14:39 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-15 11:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-15 11:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-15 11:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-15 11:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-15 11:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-15 11:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 11:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 11:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 11:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-15 11:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 11:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 11:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 11:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 11:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-15 11:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 11:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-04 00:51 - 2013-10-04 00:51 - 01954124 _____ (Farbar) C:\Users\Kuno\Desktop\FRST64.exe
2013-10-04 00:49 - 2012-07-02 16:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 00:38 - 2012-10-06 19:48 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
2013-10-04 00:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 00:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 00:22 - 2013-10-04 00:22 - 99176917 _____ C:\Windows\SysWOW64\즈뤔蹬S
2013-10-04 00:22 - 2011-12-09 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Local\CrashDumps
2013-10-04 00:21 - 2013-07-19 23:04 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\.oit
2013-10-04 00:20 - 2011-12-08 03:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-04 00:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 00:20 - 2009-07-14 06:51 - 00063188 _____ C:\Windows\setupact.log
2013-10-03 10:53 - 2011-12-07 02:41 - 01423622 _____ C:\Windows\WindowsUpdate.log
2013-10-03 10:17 - 2011-12-08 03:06 - 00762676 _____ C:\Windows\PFRO.log
2013-10-03 00:58 - 2013-10-03 00:58 - 02347384 _____ (ESET) C:\Users\Kuno\Downloads\esetsmartinstaller_enu.exe
2013-10-03 00:53 - 2013-10-03 00:53 - 01684368 _____ (ESET) C:\Users\Kuno\Downloads\eset_nod32_antivirus_live_installer.exe
2013-10-03 00:34 - 2013-10-03 00:34 - 00000000 ____D C:\Users\Kuno\AppData\Roaming\Malwarebytes
2013-10-03 00:33 - 2013-10-03 00:33 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 00:33 - 2013-10-03 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 00:32 - 2012-10-06 19:48 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
2013-10-03 00:30 - 2013-10-03 00:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kuno\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 12:27 - 2013-10-02 12:26 - 00034086 _____ C:\Users\Kuno\Downloads\FRST.txt
2013-10-02 12:24 - 2013-10-02 12:24 - 00014021 _____ C:\ComboFix.txt
2013-10-02 12:24 - 2013-10-02 11:39 - 00000000 ____D C:\Qoobox
2013-10-02 12:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-02 12:22 - 2013-10-02 11:39 - 00000000 ____D C:\Windows\erdnt
2013-10-02 12:22 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 11:31 - 2013-10-02 11:31 - 05132885 ____R (Swearware) C:\Users\Kuno\Desktop\ComboFix.exe
2013-10-02 11:27 - 2013-10-02 11:14 - 00000000 ____D C:\AdwCleaner
2013-10-02 11:14 - 2013-10-02 11:14 - 01045226 _____ C:\Users\Kuno\Downloads\adwcleaner.exe
2013-10-02 11:12 - 2013-10-02 11:12 - 00002715 _____ C:\Users\Kuno\Desktop\malware.txt
2013-10-02 10:19 - 2013-10-02 10:18 - 00027393 _____ C:\Users\Kuno\Downloads\Addition.txt
2013-10-02 10:15 - 2013-10-02 10:15 - 00000000 ____D C:\FRST
2013-10-02 09:18 - 2013-10-02 09:18 - 00097482 _____ C:\Users\Kuno\Downloads\Extras.Txt
2013-10-02 09:15 - 2013-10-02 09:15 - 00152146 _____ C:\Users\Kuno\Downloads\OTL.Txt
2013-10-02 08:52 - 2013-10-02 08:52 - 00602112 _____ (OldTimer Tools) C:\Users\Kuno\Downloads\OTL.exe
2013-09-23 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:09 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-19 19:09 - 2009-07-14 19:58 - 00090258 _____ C:\Windows\system32\perfc007.dat
2013-09-19 19:09 - 2009-07-14 07:13 - 01553992 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 18:02 - 2012-02-16 21:19 - 00000000 ___RD C:\Users\Kuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 18:01 - 2009-07-14 06:45 - 04930992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 14:39 - 2013-08-14 15:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-15 14:38 - 2011-12-20 20:29 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-15 12:49 - 2012-07-02 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 12:49 - 2012-07-02 16:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 12:49 - 2011-12-08 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-04 12:59 - 2013-06-03 21:11 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 12:59 - 2013-06-02 11:35 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-02 13:10
==================== End Of Log ============================
danke |
|
04.10.2013, 10:55
| #10 | |
| /// TB-Ausbilder | Oracle America Inc. (jucheck.exe) Hi, Zitat:
Schritt 1 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 2 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 40.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
06.10.2013, 10:10
| #11 |
| | Oracle America Inc. (jucheck.exe) Soweit hat alles geklappt und ich hab erstmal keine Fragen mehr. nur: Von Java habe ich alle alten Versionen deinstalliert. Der Link zur jxpiinstall.exe führte mich zwar zum Download einer Datei und die Seite wirkte nach Java und seriös, aber die Datei hieß anders: jre-7u40-windows-x64 In dem Fenster, wo gefragt wird, ob man zulassen möchte, dass durch das folgende Programm Änderungen am Computer vorgenommen werden, hieß der verifizierte Herausgeber dazu wieder Oracle America, Inc.. der Programmname Java SE Runtime Environment 7 Update 40. Da war ich dann erstmal unsicher und somit vorsichtig und habe es nicht installiert. Habe vielen Danke für deine Hilfe und ein glückerfülltes Leben cu |
|
06.10.2013, 13:15
| #12 | ||
| /// TB-Ausbilder | Oracle America Inc. (jucheck.exe)Zitat:
Zitat:
 Du hättest das installieren können, das wäre das richtige Java gewesen. Aber wenn du Java nicht unbedingt brauchst, musst du es nicht installiert haben. Du kannst es ja mal so belassen und erst wieder installieren, falls irgendein Programm meldet, dass Java benötigt wird. Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
Linear-Darstellung
